Google Disclosing Windows 10 vulnerabilities to protect users


    Posted: 31 Oct 2016

    On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.

    After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

    The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.

    We encourage users to verify that auto-updaters have already updated Flash — and to manually update if not — and to apply Windows patches from Microsoft when they become available for the Windows vulnerability.


    Source: Google Online Security Blog: Disclosing vulnerabilities to protect users
    Posted By: Brink
    31 Oct 2016
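
The Win32k lockdown named in the post corresponds to the Windows process mitigation policy `ProcessSystemCallDisablePolicy` (flag `DisallowWin32kSystemCalls`). The PowerShell script below is an added example, not part of the Google post or of this thread: it reports, for each running process with a given name, whether that policy is in effect. The default process name `chrome` and the helper names `Win32.Mitigation` and `QueryFlags` are assumptions chosen for illustration.

```powershell
# Audit which running processes have Win32k system calls disabled.
# Assumption: 'chrome' is only an illustrative default; pass any process name.
param([string]$Name = 'chrome')

Add-Type -Namespace Win32 -Name Mitigation -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(uint access, bool inherit, int pid);

[DllImport("kernel32.dll")]
static extern bool CloseHandle(IntPtr handle);

[DllImport("kernel32.dll", SetLastError = true)]
static extern bool GetProcessMitigationPolicy(
    IntPtr process, int policy, out uint flags, UIntPtr length);

// Hypothetical helper: returns the flags DWORD of
// PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, or -1 if the query fails.
public static int QueryFlags(int pid) {
    const uint PROCESS_QUERY_INFORMATION = 0x0400;
    const int ProcessSystemCallDisablePolicy = 4;
    IntPtr h = OpenProcess(PROCESS_QUERY_INFORMATION, false, pid);
    if (h == IntPtr.Zero) return -1;          // access denied or process exited
    try {
        uint flags;
        bool ok = GetProcessMitigationPolicy(
            h, ProcessSystemCallDisablePolicy, out flags, new UIntPtr(4u));
        return ok ? (int)flags : -1;
    } finally {
        CloseHandle(h);
    }
}
'@

Get-Process -Name $Name -ErrorAction SilentlyContinue | ForEach-Object {
    $flags = [Win32.Mitigation]::QueryFlags($_.Id)
    [pscustomobject]@{
        ProcessId      = $_.Id
        Name           = $_.ProcessName
        # Bit 0 of the flags is DisallowWin32kSystemCalls.
        Win32kLockdown = if ($flags -lt 0) { 'unknown' } else { [bool]($flags -band 1) }
    }
}
```

A process that reports `False` can still reach win32k.sys system calls, so for it the only fix for this vulnerability is the Microsoft patch.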


  1. Posts : 93
    Windows
       #1

    This vulnerability is particularly serious because we know it is being actively exploited.
    If the vulnerability is "particularly serious" then how about identifying the software that's exploiting this 'vulnerability'? Stating that "we know it is being actively exploited" without identifying the malicious software is highly dubious and can't be taken seriously.

    All this does is prevent administrators and users from checking their networks and machines for that software, allowing it to continue exploiting their networks and machines while also preventing security companies from creating signatures for that malicious software.

    Considering all they've done is disclose the vulnerability without also disclosing the software that they "know" is actively exploiting the vulnerability makes "Google Disclosing Windows 10 vulnerabilities to protect users" nothing but a sad sick joke.


  2. Posts : 5,452
    Windows 11 Home
       #2

    There is no particular software using this, any malware can use it, since it is in the wild.
    Besides, Google has provided the info in the link, how to prevent it, since MS did not.


  3. Posts : 93
    Windows
       #3

    TairikuOkami said:
    There is no particular software using this, any malware can use it, since it is in the wild.
    You're missing the bigger picture... before Google disclosed this publicly it was only a very limited number of malicious programs that knew about and exploited the vulnerability and only now that Google shared those details can "any malware can use it".

    Since Google has not shared information about the software they "know" to be actively exploiting the vulnerability:
    * Enables existing malicious software to continue exploiting machines, stealing data or performing other malicious actions.
    * Prevents administrators from checking their networks and machines for that malicious software.
    * Prevents anti-virus and anti-malware software from creating signatures to detect and remove that malicious software.

    Microsoft had just 10 days before Google publicly released details about a "particularly serious" exploit and are also withholding information about the software they "know" to be actively exploiting the vulnerability... whom exactly does this help??

    Google's actions are disgusting and are causing maximum damage to users by withholding information that would enable users and administrators to detect and remove that malicious software while also preventing anti-virus and anti-malware software from creating signatures.

    TairikuOkami said:
    Besides, Google has provided the info in the link, how to prevent it, since MS did not.
    Google has not shared anything that would in fact protect users and companies from existing malicious software that is already exploiting the flaw, let alone help anti-virus and anti-malware software protect users.

    Adding insult to injury that flag can only be enabled by developers, after completely redesigning their software from scratch and after releasing updated versions of that software - months and years down the track.


  4. Posts : 27,183
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #4

    Just another good reason to: GET RID OF FLASH PLAYER!:)

    If you can't uninstall it(I'm watching you Win10) at least set it to Click-To-Play/turn off.
    One of the worst decisions Microsoft ever made is "forcing" Flash Player on Windows 10 users.

    Flash Player is dead.
    Its time has passed. It's buggy. It crashes a lot. It requires constant security updates. It doesn't work on most mobile devices. It's a fossil, left over from the era of closed standards and unilateral corporate control of web technology. Websites that rely on Flash present a completely inconsistent (and often unusable) experience for a fast-growing percentage of the users who don't use a desktop browser. It introduces some scary security and privacy issues by way of Flash cookies.
    Flash makes the web less accessible.
    At this point, it's holding back the web.


    Why, you ask? Why does it matter, when Adobe has already neutered the platform by publicly killing Flash on mobile devices? Why does it matter when HTML5 has clearly won the fight for the future of our web browsing? Well, as we've seen with other outdated web technologies (most notably the much-lamented Internet Explorer 6), as long as software is installed on machines, there will be a contingent of decision makers who mandate its use, and there will be a requirement of continued support, the plugin will live on, and folks will continue to develop for it. Also, for unknown reasons, Adobe is still sticking with Flash as a desktop browsing technology.

    Disabling Flash Player in your browser will likely mean that some of the sites you use regularly are less usable (We're looking at you, Google Analytics. For shame!).
    Occupy Flash - The movement to rid the world of the Flash Player plugin.


  5. Posts : 5,452
    Windows 11 Home
       #5

    I cannot say that I share that. For me Flash always worked, unlike HTML5.

    Its time has passed. It's buggy. It crashes a lot. It requires constant security updates. It doesn't work on most mobile devices. ... It introduces some scary security and privacy issues by way of Flash cookies.
    I have not seen Flash crash in years and I always use the latest beta version.
    Anything being used is targeted, but flash can be easily blocked, HTML5 can not.
    HTML5 generally uses more CPU/GPU than flash, so it is bad, especially for slow devices.
    "Flash introduces security and privacy issues." HTML5 has more features, needless to say more?


  6. Posts : 7,905
    Windows 11 Pro 64 bit
       #6

    Cliff S said:
    Just another good reason to: GET RID OF FLASH PLAYER!:)

    If you can't uninstall it(I'm watching you Win10) at least set it to Click-To-Play/turn off.
    One of the worst decisions Microsoft ever made is "forcing" Flash Player on Windows 10 users.


    Occupy Flash - The movement to rid the world of the Flash Player plugin.
    I can't uninstall Flash but it's turned off in IE & Edge - is that what you mean?


  7. Posts : 22,740
    Windows 10 Home x64
       #7

    I would love to get rid of flash but my Sirius Online uses flash.


  8. Posts : 22,740
    Windows 10 Home x64
       #8

    Steve C said:
    I can't uninstall Flash but it's turned off in IE & Edge - is that what you mean?
    I think he's referring to the separate installation of Flash. I have to install it to use Sirius Online. Sucks..


  9. Posts : 27,183
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #9

    Steve C said:
    I can't uninstall Flash but it's turned off in IE & Edge - is that what you mean?

    BunnyJ said:
    I think he's referring to the separate installation of Flash. I have to install it to use Sirius Online. Sucks..
    The integrated one on Windows 10, I have turned off, and I do not have it installed for Firefox.
    Originally I didn't install it in Firefox anyhow, because that's only a backup browser for me, and it reduced auto playing "flash player ads" by not having it installed, well now they use HTML, those auto playing ads now persist.

    In IE it's set at click to play, in Edge, it's turned completely off.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd