Microsoft fumes about security bounty
Roy Culley
MICROSOFT is fuming over a move by security outfit iDefense to
offer hackers a $10,000 bounty for finding serious flaws in its
software.
...
A spokesVole told EWeek that paying for flaws is not the best way
to secure software products. Microsoft thinks that the best way
forward is what it calls \u201cresponsible disclosure\u201d where
the person who finds the flaw tells Microsoft, who eventually
releases a patch and then announces the glitch has been found.
....
However it claims its bounty system was a good way to get a list
of bugs in the software. Last year iDefense found three 'critical'
vulnerabilities and reported them to Microsoft,
A spokesman for iDefense said that it was ironic that Vole offered
$250,000 to capture a virus writer, but didn't want to pay for
information that would stop the propagation of the virus.
See, it is possible to make money from MS SW. Sadly, that's just for
the few. Those who have to use Windows lose money hand over foot just
to keep the bug ridden 'OS' running.
Roy Schestowitz
This bounty hunt was announced about a week ago (I think I posted a link
to COLA). I don't see how this badly affects Microsoft. If anything, they
should be grateful. They are getting free bug tracking; and reports too.
In WordPress, for instance, a 'bounty hunt' was announced as part of our
attempt to squash as many bugs as possible. Several dozens were discovered
and then mended. So what is Microsoft whining about? Make good products
and show that bounty hunts are pointless, even when the code if closed--
source. The Linux kernel is metaphorically naked, it out there and yet
no-one is able to break it to pieces. Many eyes are watching and it works
to one's advantage.
rex.b...@gmail.com
prohibits any form of reengineering. In the Stacker case and the
IBM/Cyrix vs Microsoft cases, Microsoft claimed that disclosures made
to the court were a violation of the Microsoft EULA. These disclosures
included code that proved that Microsoft had deliberately targeted
Stacker and the Cyrix chip and had created destructive code. At
minimum, the code created an appearant malfunction.
Of course, the judges in these cases ruled that Microsoft was using
this clause to obstruct justice, and therefore, for that particular
case, the evidence was admissible. Microsoft quickly settled the Cyrix
case - in fact, so quickly that it was pretty obvious they had drafted
the first version of the settlement. In the case of Stacker, Microsoft
lost the case and was ordered to pay 200 million dollars to Stack.
Unfortunately, not every judge rules against Microsoft. For example,
Microsoft was able to get a judge to issue an injunction against web
sites that disclosed the vulnerabilities of ActiveX controls. There
were about 8 examples of things that people could do with ActiveX
controls - including the ability to create, open,read, write, modify,
hide, delete, and transfer file content via e-mail or http get or post
transactions - all without the user's knowledge. In fact, when users
use outlook express in default settings, all they have to do to execute
these functions is PREVIEW an e-mail.
In other cases, Microsoft has relied on "partners". When a site owner
in Texas published DVD drivers which included DVD-CSS decoders,
Microsoft let the MPAA do the dirty work. Eventually, the site owner
was aquitted, but only after a very long series of court battles,
including attempts to move the case to Los Angeles federal court - even
though the offense was committed in Texas.
There is even the possibility that Microsoft will use the Department of
Homeland Security to get and enforce gag orders. After all, if
Microsoft has configured back doors in Microsoft which can and have
been used to "tap" into the computers of suspected terrorists, then
disclosures of these capabilities could be considered to be an act of
terrorism. Given the treatment of "Terrorists" and "Enemy Compatants"
by the Bush administration, the "prize money" wouldn't even cover the
first day of "interrogation".
Suppose, for example, that Microsoft used the "extensions" they
implemented in Kerberos to identify specific users, and that this
identification could be used to get their key using a special
"disclosure code". This would allow Microsoft to get the tokens and
get access to any machine on any workstation or server.
If Microsoft perceives the code running on your PC as "their" property,
they might feel that they have a legal right to search your PC for any
information - ranging from piracy to the content of Microsoft Office
documents and outlook e-mail.
Now, suppose, in exchange for favorable treatment from the DOJ,
Microsoft offered privilidged information to the DHS. This would be
information provided by an "informant" acting idependently. Much the
same way detectives go to snitches for enough information about drug
dealers or street gang leaders to get initial search warrants and other
court orders needed to create the case for conviction.
In this hypothetical situation, disclosure of this capability could be
seen as interfering with the business of the DHS. One could quickly
find themselves in Guantanimo bay.
Suppose that this was not the only type of information Microsoft
provided. Suppose Microsoft provided damaging information about
various political candidates to various political campaigns.
Now, public disclosure could get really nasty. There would be far too
many people who would not want anyone interfering with Microsoft's
abilities.
Of course, all of this is hypothetical. But when you consider all of
Microsoft's efforts to prevent and evade public disclosure of this type
of information, it's not that hard to believe that they are hiding
SOMETHING.
Roy Schestowitz
There is a reason why Vista's encrypted filesystem has become notorious
already. Its key to decoding is owned by a closed-source monopoly and not
just the owner of the key (similar issues with DRM). Moreover, given the
ease at which Windows machines can be captured, controlled and sniffed by
the curious hobbyists, you could only imagine that Governments which depend
on Microsoft could access virtually any computer, with Microsoft's help.
Yahoo have committed similar crimes (disclosure of key evidence that had a
Chinese bloke arrested). Given Yahoo's fairly decent history, why would
Microsoft be the exception? The key difference: Microsoft has a desktop
monopoly. They don't control webspaces, log files and cookie-bound data.
They potentially have possession of people's hard-drive, i.e. entire
information. They can exploit their own loopholes, whether deliberate or
accidental back doors.
These would be serious accusations to make. One needs to be cautious when
making such presumption without corroboration. In fact, I bet some of the
Wintrolls would have soon jumped on this and refute everything, as would
Microsoft. Luckily, long threads put them off.
Given the radical behaviour of the Bush administrator, I can foresee the day
when some absurdity such as a search warrant will have its electronic
equivalent. In such circumstances, closed-source alliances are the
Government's best friend. It's like brainwash or censorship that cannot be
fought, for the source code is concealed.
Best wishes,
Roy
--
Roy S. Schestowitz | Software patents destroy innovation
http://Schestowitz.com | SuSE Linux | PGP-Key: 0x74572E8E
2:50pm up 5 days 3:09, 9 users, load average: 0.19, 0.60, 0.53
http://iuron.com - Open Source knowledge engine project
Erik Funkenbusch
> This could turn into a really interesting court case. Microsoft's EULA
> prohibits any form of reengineering. In the Stacker case and the
> IBM/Cyrix vs Microsoft cases, Microsoft claimed that disclosures made
> to the court were a violation of the Microsoft EULA. These disclosures
> included code that proved that Microsoft had deliberately targeted
> Stacker and the Cyrix chip and had created destructive code. At
> minimum, the code created an appearant malfunction.
Rex, you keep talking about this alleged IBM/Cyrix vs Microsoft case, but
there is no evidence it even exists. The only hits come up from YOUR web
site. This is, plain and simple, one of your fabrications.
> Of course, the judges in these cases ruled that Microsoft was using
> this clause to obstruct justice, and therefore, for that particular
> case, the evidence was admissible. Microsoft quickly settled the Cyrix
> case - in fact, so quickly that it was pretty obvious they had drafted
> the first version of the settlement. In the case of Stacker, Microsoft
> lost the case and was ordered to pay 200 million dollars to Stack.
You can't even get figures from KNOWN cases correct, Rex. First, the Jury
awarded Stac $120 Million (not 200). Second, Microsoft *WON* a
counter-suit regarding reverse engineering for $16.5 Million, so it seems
highly unlikely that Microsoft's anti-reverse engineering clause was
considered "obstruction of justice".
In the end, Microsoft and Stac settled. Microsoft paid Stack $40 million
and bough $43 Million in stock.
> Unfortunately, not every judge rules against Microsoft. For example,
> Microsoft was able to get a judge to issue an injunction against web
> sites that disclosed the vulnerabilities of ActiveX controls.
Again, you haven't been able to substantiate this claim, despite making it
over and over again, and my asking you over and over again to do so. I
even told you that I would accept an admission by the owner of
ultraviolet.org (whom you claim this happened to, and that you know
personally) that this happened, yet you refuse to do so.
> In other cases, Microsoft has relied on "partners". When a site owner
> in Texas published DVD drivers which included DVD-CSS decoders,
> Microsoft let the MPAA do the dirty work. Eventually, the site owner
> was aquitted, but only after a very long series of court battles,
> including attempts to move the case to Los Angeles federal court - even
> though the offense was committed in Texas.
Jesus Rex, now you're not even being technically feasible. DVD drivers do
not decode the content. That's what a codec does. And further, why would
Microsoft even CARE? Certainly the MPAA does, by would Microsoft?
> There is even the possibility that Microsoft will use the Department of
> Homeland Security to get and enforce gag orders.
There's even the possibility that one day you might stop having these
delusions. Not likely, though.
> Suppose, for example, that Microsoft used the "extensions" they
> implemented in Kerberos to identify specific users, and that this
> identification could be used to get their key using a special
> "disclosure code". This would allow Microsoft to get the tokens and
> get access to any machine on any workstation or server.
This is not "extensions". It's what Kerberos is designed for, central
security. Workstations are the property of the company that owns them, and
they should have a right to override the users encryption to gain access to
whatever is on them. This is key when, for example, a user quits and there
is important information on the users system.
> If Microsoft perceives the code running on your PC as "their" property,
> they might feel that they have a legal right to search your PC for any
> information - ranging from piracy to the content of Microsoft Office
> documents and outlook e-mail.
While the code may be their property, the data is not, and they know this.
> Of course, all of this is hypothetical.
Of course it is... as is EVERYTHING you write.
> But when you consider all of
> Microsoft's efforts to prevent and evade public disclosure of this type
> of information, it's not that hard to believe that they are hiding
> SOMETHING.
You see denial as evasion. It never crosses your mind that if someone
isn't guilty, they will deny something as much as someone who is.
Therefore, the two are identical to you.
Shmuel (Seymour J.) Metz
02/22/2006
at 06:24 AM, rex.b...@gmail.com said:
>Eventually, the site owner
>was aquitted, but only after a very long series of court battles,
>including attempts to move the case to Los Angeles federal court -
>even though the offense was committed in Texas.
What offense? If he was acquitted then the legal process determined
that there was no offense, at least not by the defendant, although
there might well have been a Rule 11 violation by m$ and the MPAA.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT <http://patriot.net/~shmuel>
Unsolicited bulk E-mail subject to legal action. I reserve the
right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to spam...@library.lspace.org
Rex Ballard
Erik Funkenbusch wrote:
> On 22 Feb 2006 06:24:26 -0800, rex.b...@gmail.com wrote:
>
> > This could turn into a really interesting court case. Microsoft's EULA
> > prohibits any form of reengineering. In the Stacker case and the
> > IBM/Cyrix vs Microsoft cases, Microsoft claimed that disclosures made
> > to the court were a violation of the Microsoft EULA. These disclosures
> > included code that proved that Microsoft had deliberately targeted
> > Stacker and the Cyrix chip and had created destructive code. At
> > minimum, the code created an appearant malfunction.
>
> Rex, you keep talking about this alleged IBM/Cyrix vs Microsoft case, but
> there is no evidence it even exists. The only hits come up from YOUR web
> site. This is, plain and simple, one of your fabrications.
It existed - the suit was filed when Microsoft released SP2 for Windows
NT 4.0. When IBM presented their evidence - showing the exact code -
along with documentation that showed that this was a deliberate exploit
of a well-known flaw, Microsoft's defense was that the evidence should
be inadmissable because the EULA prohibited reverse engineering. The
Judge ruled against Microsoft and within about 2 days, Microsoft
quickly offered a settlement - terms were sealed, however Microsoft
issued SP3 within a few days after the settlement was accepted.
Microsoft really isn't completely above the law, but with $20 billion
in cash, they can quickly put up a few $million in cash and settlement
with some weasel clauses, seal the records, and make the whole thing
"Dissappear".
The only remaining records are print hardcopy accounts in hardcopy
publications. Since the settlements preempt a final judgement, the
terms normally allow Microsoft to say they didn't knowingly do anything
wrong, the judge usually accepts the settlement since the plaintiff is
satisfied.
In print publications - the papers generally publish a retraction. In
on-line publications, all records of the original story and the case
are completely removed from the web site.
-- I'm not sure if these records are available on Lexus. I don't have
the subscription access anymore. Does anyone else know if there are
records on that database?
Erik Funkenbusch
> Erik Funkenbusch wrote:
>> On 22 Feb 2006 06:24:26 -0800, rex.b...@gmail.com wrote:
>>
>>> This could turn into a really interesting court case. Microsoft's EULA
>>> prohibits any form of reengineering. In the Stacker case and the
>>> IBM/Cyrix vs Microsoft cases, Microsoft claimed that disclosures made
>>> to the court were a violation of the Microsoft EULA. These disclosures
>>> included code that proved that Microsoft had deliberately targeted
>>> Stacker and the Cyrix chip and had created destructive code. At
>>> minimum, the code created an appearant malfunction.
>>
>> Rex, you keep talking about this alleged IBM/Cyrix vs Microsoft case, but
>> there is no evidence it even exists. The only hits come up from YOUR web
>> site. This is, plain and simple, one of your fabrications.
>
> It existed - the suit was filed when Microsoft released SP2 for Windows
> NT 4.0. When IBM presented their evidence - showing the exact code -
> along with documentation that showed that this was a deliberate exploit
> of a well-known flaw, Microsoft's defense was that the evidence should
> be inadmissable because the EULA prohibited reverse engineering. The
> Judge ruled against Microsoft and within about 2 days, Microsoft
> quickly offered a settlement - terms were sealed, however Microsoft
> issued SP3 within a few days after the settlement was accepted.
Yet there is no reference to this case anywhere, not even in various law
databases.
> Microsoft really isn't completely above the law, but with $20 billion
> in cash, they can quickly put up a few $million in cash and settlement
> with some weasel clauses, seal the records, and make the whole thing
> "Dissappear".
You can't make a case dissappear. You can, at best, make the details of it
dissappear, but the case itself will leave a paper trail. Such a paper
trail doesn't seem to exist, and you can't point to any evidence to support
it.
> The only remaining records are print hardcopy accounts in hardcopy
> publications.
Such as? What publications? Provide a citation, and I'll look it up. Why
is it, Rex, that *EVERYTHING* you "remember" conveniently got "lost" on the
internet, and only exists in obscure publications that you refuse to name?
Face it, Rex, you're full of shit.
> Since the settlements preempt a final judgement, the
> terms normally allow Microsoft to say they didn't knowingly do anything
> wrong, the judge usually accepts the settlement since the plaintiff is
> satisfied.
I don't care about the terms. Just prove the case even existed in the
first place. I find no evidence that such a case ever happened.
> In print publications - the papers generally publish a retraction. In
> on-line publications, all records of the original story and the case
> are completely removed from the web site.
>
> -- I'm not sure if these records are available on Lexus. I don't have
> the subscription access anymore. Does anyone else know if there are
> records on that database?
It doesn't exist in Lexus. I had a lawyer friend look it up. At least
nothing matching the terms of IBM, Microsoft, and Cyrix.
So tell me again, if you're the only one that remembers this "case", did it
ever really happen?
Rex Ballard
Cyrix machines that litereally melted after I installed SP2. It was
quite spectacular - you'd install the new upgrade - the PC wouldn't
boot, and when you tried to reboot again, you couldn't even boot the
ROM. I replaced the Cyrix chips with AMD chips and things worked
better again. A bit later, I saw the article - it wasn't front page
news - more like the middle of one of those weekly magazines like
e-week or InfoWorld.
Here are some references to the problem:
http://www.realworldtech.com/altcpu/subpages/6x86faq/faq5of7.htm
<blockquote>
Obviously IBM is aware of the 6x86 bug, but they want end users to get
a replacement IBM 6x86 from the vendor that sold them the chip.
Unfortunately, this puts you at the mercy of the point of purchase. I
wonder how many IBM vendors are aware of the whole 6x86 and NT 4.0
debacle. I would hate to have to explain this one.
Once again IBM's dedication to customer service continues to shine. I
have not heard of anyone who has had a successful IBM 6x86 exchange.
</blockquote>
http://www.info.uvt.ro/~lcucu/htmldocs/toms/cpu.html#The%20Cyrix
Documentation of the F00F bug
Published November 1997
http://linuxmafia.com/faq/Hardware/f00f-bug.html
Here's something in German:
http://web.archive.org/web/20031005151143/www.heise.de/ct/97/13/030/
(Germany doesn't allow Microsoft or others to surpress "Benchmarks" and
other damaging information).
Service Pack 3 was released May of 1997 (according to Wiki)
http://en.wikipedia.org/wiki/Windows_NT_4.0
Cyrix was purchased in a takover by National Semiconductor in November
of 1997.
Later National Semiconductor sold the Cyrix operation to VIA - who now
makes the chips used in a number of Low-End Linux PCs including those
marketed by Walmart, Staples, and Fry's.
This may have been part of the indisclosed settlement:
http://www.windowsitpro.com/Article/ArticleID/17458/17458.html
<blockquote>
Cyrix Corporation, makers of the Intel x86-compatible 6x86 line of
CPUs, is planning a low-cost platform for business computers that would
enable $500 computers that could run Windows NT 5.0. The Cyrix MediaGX
processor platform incorporates Cyrix's 180 MHz CPU, an Ethernet
adapter and a remote-controllable BIOS. 200 MHz and 300 MHz of the
MediaGX processor are expected soon as well. Cyrix keeps costs low by
incorporating memory, audio, video, and PCI controllers on a single
chip, rather than with add-on cards.
Cyrix worked with Microsoft to develop drivers for the system that work
with Windows NT 5.0 and both companies will demonstrate the systems
next week at Fall Comdex.
"We're moving the MediaGX into corporate very fast," said Steve Tobak,
VP of corporate and channel marketing for Cyrix. "We are about two
years ahead of Intel," said Tobak, noting that Intel is busy working on
sub-$1000 PCs, not $500 machines that do the same thing. "This is
complete validation of what we've been doing; we expect at least one
top-tier customer using this in a NetPC or a managed PC in the first
half of '98."
Cyrix will demonstrate some other impressive technologies at Comdex,
including a 300 MHz MMX-enabled 6x86 running on an 83 MHz bus and a 266
MHz MMX 6x86 running on a 75 MHz bus. Intel systems are limited to a 66
MHz bus at this time, though a 100 MHz bus, which requires a special
chipset and a new type of Pentium II, will be available in 1998. Cyrix
has also announced plans to incorporate Ethernet capability directly
into their CPUs.
</blockquote>
Of course, we know that Windows NT 5.0 wasn't released for almost
another 3 years - as Windows 2000.
Here's reference to the infamous F00F bug:
http://www.windowsitpro.com/Authors/Index.cfm?Action=Author&StartRow=5321&MaxRowsPerPage=20&Total=5432&AuthorID=879
<blockquote>
November 10, 1997
Pentium bug discovered
A new bug that crashes Pentium and Pentium MMX computers is feared as a
weapon for sabotage, according to a report on the Intel Secrets Web
site. An Intel spokesperson confirmed the existence of the bug on
Monday and
WinInfo
</blockquote>
Unfortunately, the links to which this referred have been "updated".
Paul Thurrott's articals only go back to September 29, 1997 - This
incident would have happened around July of 1997.
It really took some digging just to find CACHED references to any of
this.
Here's the Timeline:
<blockquote>
Search
Focus on Windows
Focus on Windows Historical Timeline - 1997
<Back to Last Page> <Introduction>
January 3: Microsoft released Wolfpack beta (clustering software for
NT).
January 3: Exchange Server 5.0 final beta released.
Other Years
· 2004
· 2003
· 2002
· 2001
· 2000
· 1999
· 1998
· 1997
· 1996
· 1995
· 1994
· 1993
· 1992
· 1991
· 1990
· 1980's
· 1970's & earlier
January 6: "Memphis" (Windows 97?) enters testing with "Developers
Release."
January 13: Microsoft releases Service Pack 2 for NT 4.
January 19: Office 97 Ships.
February: Intel releases 233 MHz Pentium Pro.
February 5: Information and Interactive Services Report says 18 million
people were using the Internet by the end of 1996.
February 7: Microsoft quits developing NT for the PowerPC.
February 17: Exchange Server 5.0 released.
February 24: Microsoft released IE 4.0.
March 25: IE 3.02 released.
April 25: Wolfpack Beta 2 released.
April 28: NetMeeting 2.0 ships.
April 29: Business Week reports that 40 million people are "surfin the
'Net.
May 5: Pentium II floating point error reported.
May 12: Microsoft announces that it is developing thin client support
for Windows NT with the help of Citrix Systems, Inc.
June 27: Microsoft releases Beta of Internet Information Server 4.0.
July: Site Server 2.0 ships.
July 14: Microsoft releases Beta of Proxy Server 2.0.
August 4: DirectX 5.0 ships.
August 6: Microsoft releases Office 97 Service Release 1.
September: Microsoft unveils Beta 1 of Windows NT 5.0 at the
Professional Developers Conference.
September 16: Windows NT Server 4.0 Enterprise Edition released to
manufacturing.
October: Windows NT 4.0, Enterprise Version ships.
October 3: IE 4.0 released - 1 million downloads reported in first 24
hours.
October 8: Proxy Server 2.0 ships.
October 14: Windows CE 2.0 ships.
October 22: Small Business Server ships.
November 5: NetMeeting 2.1 released.
November 17: Exchange Server 5.5 is released.
November 17: Windows NT 4.0 Workstation sales hit 11 million.
November 21: Beta 1 of "Hydra" (Terminal Services for NT 4) released.
December 1: SNA Server 4.0 is released.
December 2: IE 4.01 released.
December 2: Windows NT Server 4.0 Option Pack is released.
December 9: Microsoft BackOffice Server 4.0 is released.
December 11: Service Pack 3 for SMS 1.2 released.
December 15: Beta 2 of Windows 98 released.
December 19: Service Pack 4 for SQL Server 6.5 released.
December: Microsoft announces it has shipped 1.3 million copies of NT
Server.
Date Unknown: Intel introduces the Pentium II processor.
Date Unknown: AMD introduces the K6 processor.
Date Unknown: Cyrix releases the 6x86MX processor.
Sources
1 - Winmag.com
2 - WinInfo
Disclaimer: I have taken every effort to research and credit the
original source of this information. However, I cannot guarantee that
all of the dates and information are complete or correct.
</blockquote>
Here is another timeline - bug reports:
http://www.spanbauer.com/bugs.htm
<blockquote>
Bugs and Fixes / Bug Watch
Bugs by Year: 1998, 1997, 1996, 1995
January 2000
* For the Last Time Already, Y2K!
* Author Metamorphosis
December 1999
* Don't Sweat Y2K Virus Rumors
* IE 5.01? Any Day Now
* Communicator 128-Bit Update
* In Brief
Eudora 4.2.1
Windows 9x Telnet Client Patch
November 1999
* Microsoft Security Goes to the Dogs
* Get Your Game in Shape
* In Brief
Windows 98 SE Shutdown Patch
WordPerfect Office 2000 Service Pack
October 1999
* Windows 98 SE: Uphill Upgrade?
* Windows NT 4 Service Pack 6
September 1999
* Outlook Patch Misses the Point
* Check Win 98's File Checker
* Escape Norton AntiVirus Lockups
* InBrief
The Last Word on Windows 98 Updates
Netscape Communicator 4.61
August 1999
* Windows 98: Pick Your Patch
* Excel 97 Virus Alert
* Communicator 4.6, Guninski 3
* The IE 5 Saga Continues
* InBrief
Fixing Guard Dog 2.0
Windows 95 Y2K Update
July 1999
* Internet Explorer 5 Survival Guide
* In Brief
VirusScan 4.0.2 SP2
Internet Explorer 4.0 SP2
June 1999
* IE 5 Bug-Free? Don't Believe It
* Windows NT 4.0 SP5, Already
* Remove Windows 98 and Office 97 IDs
* No Trojan Horse in Adobe Acrobat
May 1999
* Last Rites and Fixes for the 4.0 Browsers
* Grim Fandango 1.01
* Outlook 98/97 Archive Jive
* In Brief
Kodak Power Supply Recall
April 1999
* Don't Let Bugs Muddle Your Taxes
* Office 97 Still Hackable
* Quicken 99 Problems Persist
* In Brief:
Timeslips Away
March 1999
* VirusScan 4.0 Needs Its Shots
* Even Excel Is a Bit Insecure
* In Brief:
Quicken 99 Now More Divine
WordPerfect Suite 8, Service Pack 5
February 1999
* McAfee Utilities Just Don't Get Along
* The Siege of Internet Explorer 4
* Umax Scanner Driver: Correction
* In Brief:
Is QuickTime Flakiness Apple's Fault?
January 1999
* IE and Navigator Patch Things Up
* Quicken 99 Not So Divine
* Windows NT 4.0 Service Pack 4
* In Brief
NU You See It, NU You Don't Win
Batch 98 Out
December 1998
* Got Them Old Office 97 Blues Again
* More Browser Security Flaws
* Windows 95 Stumbles Over K6-2
* In Brief
Money 99 Update
Ditto Tools
November 1998
* The Real Windows 98 Service Pack
* More Service For Office 97
* Norton Gives Windows 98 Grief
* IE 4.0: Two More Patches
* In Brief
DUN 1.3 at Last
Navigator 4.06
October 1998
* You've Got Mail! (Boom)
* Troubleshoot Windows 98 Power Problems
* In Brief
Ditto Max vs. Windows 98
IntelliPoint 2.2
September 1998
* Redmond, We Have a Problem (Windows 98)
* Laptops Not Ready for Windows 98
* Beat the 98 Hardware Blues
* In Brief
Windows 98's Nasty Explorer Bug
August 1998
* Zip, Buz, Splat! More Iomega Trouble
* Outlook 98: Encryption Roulette
* In Brief
Compaq BIOS Breaks NSTL Millennium Bug Test
July 1998
* All Microsoft, All of the Time
* It's Still a Patch: IE 4.0 Service Pack 1
* Office 97 Service Release 2, Mystery Fix
* In Brief
Dial-Up Networking 1.3
DirectX 5.2 and Beyond
June 1998
* Netscape: The One After 4.04
* Windows 95 More Ready for 2000
* Windows NT 4.0 Service Pack 4
* In Brief
Nuts and Bolts 1.04
RegClean 4.1a
IE 4.0 PowerToys Redux
May 1998
* Zip Drive Death Click Is for Real
* AOL's Instant (Insecurity) Messenger
* Money 98 in a State
* In Brief
Norton Utilities 3 LiveUpdate 3
Word 97 Grammar Checker Fixed
Windows NT/Zip Disk Clash
April 1998
* First Aid 98 Gets a Little First Aid
* Taxes Keep Going Up
* Browser Bugs for 1998
* In Brief
Microsoft Releases Two Flight Simulator 98 Patches
Stay Safe in Quake II
March 1998
* Norton 3.0: New, Improved, Buggy
* Internet Explorer 4.01: Still Buggy
* Keep Your Old WordPerfect in Shape
* In Brief
Tomb Raider II, Patch 1
Drive Image 1.01
February 1998
* Pentium Bug, Meet the IE4 Flaw
* Navigator 4.04 Cures Java Jitters
* Bugs Driven From Riven
* In Brief
WordPerfect Suite 8 Service Pack 3
Dell Recalls Latitude AC Adapters
January 1998
* Internet Explorer 4.0, Problem Child
* Excel 97 Doesn't Count
* In Brief
Navigator Hits 3.04
IE 3.02 Bell Labs Patch
Panasonic Big 5 Trouble
December 1997
* K6 Bug Plagues Propellerheads Only
* Western Digital Quiets Clunking Drives
* PCCrypto 2.1: No Strength in Numbers
* In Brief:
RegClean Out for Repairs
PartitionMagic 3.04
November 1997
* Corel Perfects WordPerfect Suite 8
* This Month's Browser Bugs
* Nuts & Bolts Requires Even More Tightening
* In Brief:
Office 97 Service Release Interruptus
Catching Up With Corel
October 1997
* Office Update--Old Patches, New Pack
* Lotus Smartsuite 97 Seasonal Updates
* JavaScript Security Flaw
* PaperPort Driver Update
* NT Fix Blocks Server Crashes
September 1997
* Communicator 4.01--No Small Fix
* More Security Patches For Windows 95
* Helix Tightens Nuts & Bolts
* WinFax Pro 8.01
* QEMM 8.03
* Paint Update Cures Office 97 Clash
August 1997
* Fake AOL Freebie Deletes Files
* IE's Presentation Security Hole
* Windows NT Service Pack 3 on the Way
July 1997
* Outlook 97 Patches Privacy Problem
* First Aid 97 Clashes With Office 97
* Norton's Insecure Utilities
* Procomm Stomps a Bug Swarm
* PartitionMagic 3.03
* New Matrox Drivers
June 1997
* Internet Explorer Security Flaws
* Shockwave Security Hole
* Motorola Replaces Lagging 56-Kbps Modems
* QuickView Plus Patch
* OmniPage and NT Won't Talk
May 1997
* Quicken Wins Some, Loses Some
* Active X Wake-Up Call: Set Security To High
* FAT32 Health Hazards
* In Brief :
PageMaker 6.51
PC-cillin: One Step Forward, One Step Back
April 1997
* Norton Utilities 2.0 Comes of Age
* Partitionmagic 3.02
* The Most Taxing Of Bugs
* The Enhanced Enhanced Cu-SeeMe 2.1
* In Brief:
NT 4.0 Service Pack 2 and More
Quicken Family Lawyer 7.0
March 1997
* More Patches for Windows NT 4.0
* Help For Helix Hurricane 2.0
* In Brief:
* LapLink for Windows and WebEx Upgrades Warp CHKDSK Error Fixed
February 1997
* NT 4.0 Bogs Down on Some Cyrix CPUs
* False Alarms with Norton Antivirus
* New Sound Blaster Drivers
* In Brief:
Get the Right PC-Cillin 95 Update
Corel Click & Create 1.01
January 1997
* Microsoft, Netscape Fix Buggy Browsers
* Windows NT 4.0 Service Pack 1
* Color QuickCam 2.0.2
* In Brief:
Descent II 1.1 and Virge 3-D Updates
December 1996
* First Bug Bites Windows NT 4.0
* Warp 4.0 Isn't Spared Either
* First Aid 95 Gets Better
* Compaq Presario MediaPilot Patch
* In Brief:
Lantastic and ModemShare
November 1996
* Internet Explorer 3.0 Debuts With Holes
* More IE Problems
* Dell Latitude XP Portable and PC Cards
* Faulty RAM Upgrades for Toshiba Laptops
* In Brief :
Cardinal Modem Flash ROM Upgrades
October 1996
* USR Sportster Pausing Bug
* Excel Macro Virus
* MS Fax Cover Page Fix
* Windows 95 Fdisk Patch
* Windows 95 Backup Patch
September 1996
* Exchange Updates
* Windows 95 Password Cache Fix
* Netscape Navigator 2.02
* USR WinModem 33.6 Upgrade
* Micron BIOS and Video Upgrades
* Symantec FTP Server on the Move
August 1996
Windows 95 fdisk bug
July 1996
* Windows 95 Winsock Leak
* Norton Navigator 95.0.b
* PC Anywhere32 patch
* Winfax Pro 7.02
June 1996
* Navigator 2.01
* Word 7.0a
* Intellipoint 1.1
May 1996
* Norton Utilities 95
* QEMM 8.01
April 1996
* Turbo Tax
* Tax Mate
* Tax Cut
March 1996
* Windows 95 Security Fix
* Quicken for Windows 5.0
* Cleansweep 95
February 1996
* Toshiba/Windows 95
* Excel 95/5.0
January 1996
* Windows 95 Security Hole
* Norton Navigator 95.0.a
December 1995
* PCI/IDE Drive bug
November 1995
* Intel Zappa board bugs
· 2003
· 2002
· 2001
· 2000
· 1999
· 1998
· 1997
· 1996
· 1995
· 1994
· 1993
· 1992
· 1991
· 1990
· 1980's
· 1970's & earlier
January 6: "Memphis" (Windows 97?) enters testing with "Developers
Release."
January 13: Microsoft releases Service Pack 2 for NT 4.
January 19: Office 97 Ships.
February: Intel releases 233 MHz Pentium Pro.
February 5: Information and Interactive Services Report says 18 million
people were using the Internet by the end of 1996.
February 7: Microsoft quits developing NT for the PowerPC.
February 17: Exchange Server 5.0 released.
February 24: Microsoft released IE 4.0.
March 25: IE 3.02 released.
April 25: Wolfpack Beta 2 released.
April 28: NetMeeting 2.0 ships.
April 29: Business Week reports that 40 million people are "surfin the
'Net.
May 5: Pentium II floating point error reported.
May 12: Microsoft announces that it is developing thin client support
for Windows NT with the help of Citrix Systems, Inc.
June 27: Microsoft releases Beta of Internet Information Server 4.0.
July: Site Server 2.0 ships.
July 14: Microsoft releases Beta of Proxy Server 2.0.
August 4: DirectX 5.0 ships.
August 6: Microsoft releases Office 97 Service Release 1.
September: Microsoft unveils Beta 1 of Windows NT 5.0 at the
Professional Developers Conference.
September 16: Windows NT Server 4.0 Enterprise Edition released to
manufacturing.
October: Windows NT 4.0, Enterprise Version ships.
October 3: IE 4.0 released - 1 million downloads reported in first 24
hours.
October 8: Proxy Server 2.0 ships.
October 14: Windows CE 2.0 ships.
October 22: Small Business Server ships.
November 5: NetMeeting 2.1 released.
November 17: Exchange Server 5.5 is released.
November 17: Windows NT 4.0 Workstation sales hit 11 million.
November 21: Beta 1 of "Hydra" (Terminal Services for NT 4) released.
December 1: SNA Server 4.0 is released.
December 2: IE 4.01 released.
December 2: Windows NT Server 4.0 Option Pack is released.
December 9: Microsoft BackOffice Server 4.0 is released.
December 11: Service Pack 3 for SMS 1.2 released.
December 15: Beta 2 of Windows 98 released.
December 19: Service Pack 4 for SQL Server 6.5 released.
December: Microsoft announces it has shipped 1.3 million copies of NT
Server.
Date Unknown: Intel introduces the Pentium II processor.
Date Unknown: AMD introduces the K6 processor.
Date Unknown: Cyrix releases the 6x86MX processor.
Sources
1 - Winmag.com
2 - WinInfo
Disclaimer: I have taken every effort to research and credit the
original source of this information. However, I cannot guarantee that
all of the dates and information are complete or correct.
Erik Funkenbusch
> I think one of the reasons I remember this so well is that I had 3 or 4
> Cyrix machines that litereally melted after I installed SP2.
So now we get to the root of the problem. You had a problem with NT on a
Cyrix CPU, and your imagination generated an fake "lawsuit" because you
assumed it had to be Microsoft intentionally doing something.
There was a known flaw in the Cyrix CPU, and NT had a bug that tripped over
that flaw. There was no lawsuit. Microsoft simply issued a patch.
By the way, you might want to look up the term "literally". I assure you,
your PC's did not "melt".
> Here are some references to the problem:
The "problem" is well known. There was, however, no lawsuit as you keep
trying to pretend. It's just ludicrous. What possible reason would
Microsoft have to intentionally "destroy" Cyrix chips? Microsoft does not,
and never has, made microprocessors and doesn't compete with Cyrix. There
is simply no motive.
> http://www.info.uvt.ro/~lcucu/htmldocs/toms/cpu.html#The%20Cyrix
>
> Documentation of the F00F bug
The FOOF bug was a pentium bug, Rex. Stop trying to "pad" your argument
with irrelevent links.
> Published November 1997
> http://linuxmafia.com/faq/Hardware/f00f-bug.html
Another irrelevent link, just you trying to pad your argument.
> Here's something in German:
> http://web.archive.org/web/20031005151143/www.heise.de/ct/97/13/030/
According to a google translation, this documents the Cyrix flaw, and
doesn't even mention Microsoft.
> (Germany doesn't allow Microsoft or others to surpress "Benchmarks" and
> other damaging information).
Doesn't stop you from trying to imply that the above article does mention
the "supposed" lawsuit, which it doesn't.
> Service Pack 3 was released May of 1997 (according to Wiki)
> http://en.wikipedia.org/wiki/Windows_NT_4.0
Indeed. And, it included a hotfix that had been released earlier.
> Cyrix was purchased in a takover by National Semiconductor in November
> of 1997.
So what? What does that have to do with you substantiating your claim?
> Later National Semiconductor sold the Cyrix operation to VIA - who now
> makes the chips used in a number of Low-End Linux PCs including those
> marketed by Walmart, Staples, and Fry's.
And? What's your point?
> This may have been part of the indisclosed settlement:
> http://www.windowsitpro.com/Article/ArticleID/17458/17458.html
Oh, it "may" have? You haven't even been able to substantiate that there
*WAS* a settlement, much less that it was "undisclosed".
[more irrelevant stuff deleted\
> Of course, we know that Windows NT 5.0 wasn't released for almost
> another 3 years - as Windows 2000.
So what?
> Here's reference to the infamous F00F bug:
Why do you keep bringing up the FOOF bug? It has nothing to do with this
Rex, you're just trying to "baffle with bullshit".
> Unfortunately, the links to which this referred have been "updated".
>
> Paul Thurrott's articals only go back to September 29, 1997 - This
> incident would have happened around July of 1997.
I notice that you completely deleted the context of the message of mine
that you're responding to, so I'll issue you my challenge again (which you
are conveniently ignoring).
If, as you say, there are references ot this alleged lawsuit in print
publications, provide a cite. I will look it up. Provide the cite, and
stop the hand waving.
> It really took some digging just to find CACHED references to any of
> this.
No, it doesn't, because none of what you've provided mention a lawsuit. At
All.
[rest of completely irrelevant article snipped]
I did not ask you to prove there was a bug with the Cyrix chip, Rex. That
is well known. I asked you to prove your claim of a lawsuit and settlement
between Microsoft IBM and Cyrix. Prove that it even EXISTS. You don't
have to come up with the terms, which you claim are undisclosed. Just any
reference that it actually HAPPENED.
And stop trying to baffle everyone with reams of irrelevant crap. You're
just making even more of a fool of yourself.