September 25[edit]

On any given day, as I understand it, Windows has about half a dozen "zero-day" security vulnerabilities that can be used to take over any computer running Windows anywhere in the world — so far as I can tell, this will be true in perpetuity.

Now according to [1], a set of "undisclosed vulnerabilities" were used to infiltrate Iranian computers for the purpose of doing damage to industrial facilities, which is believed to have originated in some nation state.

Does the news surrounding this event rise to the level of demonstrating that the vulnerabilities are officially tools for the U.S. government, rather than random errors? Wnt (talk) 06:06, 25 September 2010 (UTC)[reply]

No. The holes used by the Stuxnet worm have been patched. The vulnerabilities are not "undisclosed." Microsoft patches all major holes within about a month after they are discovered. (See Patch Tuesday.) Most attacks are directed against browser plugins, like Adobe Reader and the QuickTime Player, which are not maintained by Microsoft. Other viruses are executed on purpose by users, who download and execute the virus because they think it is something else (e.g., free software), or because they are spies trying to infect their employer's computers. The latter is almost certainly the case of Stuxnet. It is introduced to a network using a USB stick, meaning you need a spy to insert one into a computer on the local network for a plant. I'm not sure what you mean when you stated, "this will be true in perpetuity." As I said above, all serious holes are actually patched and it is almost impossible nowadays for a script kiddie to remotely infect an up-to-date machine running Windows XP or later. Whoever wrote Stuxnet almost certainly came across the vulnerabilities using trial and error.--Best Dog Ever (talk) 06:32, 25 September 2010 (UTC)[reply]

But note that a successful attack via a browser plugin requires both the browser and the OS to be buggy, and both are under Microsoft control. A proper browser will not allow a plugin to execute arbitrary code. A proper OS will not allow a browser plugin to execute arbitrary code, either. Yes, that means we have no proper OSes, but some are less improper. --Stephan Schulz (talk) 09:48, 25 September 2010 (UTC)[reply]

Microsoft is responsible for making sure Firefox, Chrome or Safari are proper browsers? Nil Einne (talk) 18:06, 25 September 2010 (UTC)[reply]

Note that the essential problem with having "purposeful" security vulnerabilities of that sort built into all copies of a OS is that the costs would likely be much higher than the benefits. On the off-chance that nobody noticed them and Iran didn't patch them, they would make vulnerable a huge amount of US and allied software. That's not so great. Now it certainly is the case that the US government investigates security vulnerabilities and stores up "hacks" for a rainy day, and that's what your article is about. (Bruce Schneier has written on this a bit, as well.) No doubt other nations do the same thing (it's pretty well established that China and Russia have excellent hacking capabilities, and part of that is having a list of vulnerabilities that have not yet been made public.) And it's definitely the case that the US government has a history of writing bugs/backdoors into specific systems that it makes available for export. (See Siberian pipeline sabotage.) But to say that all Windows bugs/vulnerabilities are there because of the US government wanting them is silly and unlikely. --Mr.98 (talk) 12:48, 25 September 2010 (UTC)[reply]

You might be interested in _NSAKEY. Some people said this was a US government backdoor in windows, MS denied it. Tinfoilcat (talk) 16:56, 25 September 2010 (UTC)[reply]

You're looking for articles such as Computer surveillance, Backdoor (computing), Cyber spying. It's probably likely there are certain "bugs" intentionally placed, but there are equally as many that are actual bugs due to incompetence.Smallman12q (talk) 19:57, 25 September 2010 (UTC)[reply]

Here are two relevant links.

• Microsoft intentionally keeps the front door of Windows XP unlocked and wide open. For which purpose?
• How dangerous is Windows XP for the United States?

—Wavelength (talk) 20:19, 25 September 2010 (UTC)[reply]

Why are you linking paranoid articles about computer software on the website of a business that sells mail-order diet products? -- BenRG (talk) 21:06, 25 September 2010 (UTC)[reply]

I added links to articles which I believe are relevant to this discussion. Your use of the word "paranoid" suggests that the articles are incorrect. Selling those products is irrelevant to whether the articles are correct and relevant. (I did not intend to introduce spam, and I did not take the time to check that feature before posting the links.)

—Wavelength (talk) 21:28, 25 September 2010 (UTC)[reply]

To be fair, Microsoft with its Windows backdoors isn't alone. Apple has been shown to have certain backdoors, as well as other major software retailers. The question that arises is whether or not it was intentional, and for how long the "glitch" was known.Smallman12q (talk) 02:11, 26 September 2010 (UTC)[reply]

I have a new memory-intensive game, which is running too slowly for my liking. I've got 2Gb of RAM, but I note even when the game is struggling, the task manager indicates it is using about 900Mb. Since I'm not running much else at the same time, is there any way I can increase this? Grandiose (me, talk, contribs) 09:56, 25 September 2010 (UTC)[reply]

If there is free memory, and it's not taking it, then likely it doesn't need it, and your assumption that the slowness is due to memory problems is thus likely false. -- Finlay McWalter ☻ Talk 10:10, 25 September 2010 (UTC)[reply]

If the game is not utilizing your full physical memory space, you should make sure you have the latest DirectX version capable for your graphic card installed, or considering upgrading your graphic card to a better one. Sir Stupidity (talk) 00:44, 26 September 2010 (UTC)[reply]

I want to exclude a single url from wget when doing recursive retrieval. The problem is, everything I've tried has also excluded other urls. For example, I want to exclude http://example.com/a so with the --reject option I tried:

-R a
-R "a"
-R "*/a"
-R http://example.com/a
-R "http://example.com/a"

but

http://example.com/a
http://example.com/ab
http://example.com/abc
http://example.com/abcd
http://example.com/abcde
http://example.com/abcdef
etc

are also excluded. How do I make wget exclude just that one url without affect others? 82.44.55.25 (talk) 15:35, 25 September 2010 (UTC)[reply]

Try "http://example.com/a$" (the $ matching the end of line) 94.168.184.16 (talk) 20:15, 25 September 2010 (UTC)[reply]

Thanks but it didn't work. I'm on Windows if that makes a difference 82.44.55.25 (talk) 21:33, 25 September 2010 (UTC)[reply]

wget's file type patterns don't offer full regex syntax. But take a look at this. It looks like you can combine reject and accept statements, so if you had "-R example.com/a -A example.com/a*", it should accept all the things in your second list. I think. I'm not sure whether order is important. Indeterminate (talk) 16:23, 26 September 2010 (UTC)[reply]

Thanks, but that didn't work either :( When I tried it, wget rejected "index.html" for some reason and the download stopped at that point. 82.44.55.25 (talk) 09:57, 28 September 2010 (UTC)[reply]

I am currently trying to install CNC Tiberian Sun on my computer. I have a a antivirus system through my ISP (Wild Blue) on my computer. It thinks its a trojan. Here is the message: "Real-time access has blocked access to Trojan-Downloader:W32/Renos.gen!Q virus was detected as a potential security threat. It is a read-only file. File: game.exe Path: F:/install 12.213.80.54 (talk) 18:26, 25 September 2010 (UTC)[reply]

If you downloaded CNC Tiberian Sun from a torrent, or you got your copy from a friend's hard disk, then it might indeed be a trojan. Delete it. If you got it from an original disc or you bought it via Steam or some other legitimate electronic download system, then your solution is just to turn off the virus checker, install, then re-enable the virus checker, and if possible configure the virus checker to not check the CNC Tiberian Sun folder anymore. Comet Tuttle (talk) 21:00, 25 September 2010 (UTC)[reply]

Two users work on one (windows XP) PC with one user account. Because there are two facebook accounts, there is a lot of logging off and logging back in again. Is it possible to make a favorite/bookmark that will do the entire login process as a single URL? -- SGBailey (talk) 21:24, 25 September 2010 (UTC)[reply]

If snooping/impersonation isn't a concern, one of you could log onto Facebook with only one browser, say, Mozilla Firefox; and the other could log on only with a second browser, say, Google Chrome; and leave cookies on and so forth for Facebook and you would each never have to log on or off again. Comet Tuttle (talk) 06:22, 26 September 2010 (UTC)[reply]

At least some of the major browsers support multiple profiles with different cookies, bookmarks, history, addons, etc., independently of Windows/Linux/Mac user accounts. See here for example. Alternately, here's a Firefox extension that does more or less what you want. -- BenRG (talk) 07:09, 26 September 2010 (UTC)[reply]

Why not create a second user on the PC? You will then have separate internet favorites, cookies, history and so on. Astronaut (talk) 10:48, 26 September 2010 (UTC)[reply]

Sounds like it isn't possible with MSIE then. Ah well. Thanks folk. -- SGBailey (talk) 20:00, 26 September 2010 (UTC)[reply]

Should work fine if you use two Windows user accounts. It's true IE doesn't support seperate user profiles outside of user accounts AFAIK, probably because MS tries to encourage people to use the OS feature. Barring that, it's possible using some sort of cookie manager would work but I haven't tried Nil Einne (talk) 21:02, 26 September 2010 (UTC)[reply]