July 15, 2005

Cavuto Shares BizzyBlog’s Frustration with Economic Reporting

Filed under: Economy,MSM Biz/Other Bias — Tom @ 11:33 pm

What he said. (HT Right Wing News)

Neil Cavuto of Fox is frustrated, to say the least, that good news is bad news, and rips the Mainstream Media’s business reporting. The last few paragraphs moved the Gripe-ometer into the red zone:

…. Would it kill us to admit that’s because more people are working and more people are paying taxes, so the pie just got bigger? No, we curse the pie and dish out the crap. How’s that for flaky?

In economic news, that’s not being fair and balanced.

Now, I’m not saying, don’t report the bad stuff. Just don’t make it seem like that’s the only stuff.

So, here’s what I say to some of my colleagues in the press: If you want to be the miserable wretches you are, feel free. Just leave us out of it.

Like I said, you’re free to be the jaded, warped, twisted, negative, disingenuous, smarmy bastards you are. And we’re just as free to ignore you.

Because all the news that’s fit to print shouldn’t be all the news that’s fit to tint.


- (April 29) Kudlow rips the “soft economy” talk.
- (May 2) BizzyBlog on the origins of business reporting bias.
- BizzyBlog and Kudlow vindicated not just once (May 26), but twice (June 29).

UPDATE: Official Outside the Beltway Traffic Jam, Wizbang Carnival, and Jawa Report Fatwa participant.

Patches Galore: What Should You Do?

The ongoing war pitting operating system and software vendors against the hackers and identity thieves of the world has led to a seemingly unending stream of software patches and security updates.

Microsoft has, mostly deservedly, caught the most heat for the vulnerabilities in its Internet Explorer browser, Windows operating system, and even in its Office productivity suite. Eweek describes the latest deluge:

As part of its monthly patching cycle, Microsoft shipped three security bulletins, all rated critical, including patches for a bug in the JView Profiler (Javaprxy.dll) that was being exploited via the IE browser.

The July batch of patches also includes fixes for serious hole in the widely deployed Microsoft Word desktop productivity program and the color management module in the Windows operating system.

…. The software giant also provided patches for a “critical” vulnerability in Microsoft Word 2000, Microsoft Word 2002 and the Microsoft Works productivity suite.

Despite the plethora of patches, an otherwise unprotected PC Has a 50-50 shot of infected by a computer virus or spyware in 12 Minutes:

The number of new viruses, worms, and Trojans are up nearly 60 percent in the first half of 2005, a U.K.-based security company said Wednesday, while the length of time an unprotected PC survives on the Internet has shrunk to a measly dozen minutes.

Sophos reported that it had pinpointed 7,944 new pieces of malicious software in the first six months of the year, an increase of 59 percent compared to the first half of 2004.

The firm’s researchers tracked an even larger spike in the number of keylogging Trojan horses. According to Sophos, that category has tripled in number.

“We are seeing a large amount of new Trojan horses on a daily basis, representing what may be the most significant development in malware writing,” said Gregg Mastoras, a Sophos senior security analyst, in a statement.

Keyloggers are increasingly used not only by spyware criminals, but by general hackers as well.

Keyloggers, a major tool of computer-savvy identity thieves, record every keystroke you enter on your computer, including user names and passwords, and relay reports of those keystrokes back to a remote location.

Microsoft gets the bad press because they’re so dominant, but other vendors are having problems too. Just this week, Apple had to do some serious patching to its brand-new Tiger operating system, leading me to wonder if its vaunted safety is all it’s cracked up to be:

Apple Computer Inc. has released an update for its Mac OS X 10.4 operating system that fixes two security flaws, including one that potentially opened the platform up to a denial-of-service attack.

Mac OS X Update 10.4.2 addresses an issue with the operating system’s TCP/IP stack, which allowed a specially formed TCP/IP packet to cause a kernel panic, requiring the system to be rebooted. Apple notes that systems with many forms of TCP/IP filtering would be unaffected by the issue, which only affects Mac OS X 10.4 Tiger and Mac OS X Server 10.4.

The update also fixes a potential issue with Dashboard, in which third-party Widgets were allowed to replace Apple-supplied ones that are shipped with OS X 10.4. This could have meant that users were not aware that they were running third-party code, which, in turn, could have led to users trusting behaviour from the Widget that they would not otherwise accept. The update alerts users if a download is replacing an Apple-supplied Widget.

Corporate customers of the larger software system vendors are having patch headaches too:

According to a database maintained by the U.K.-based NISCC (National Infrastructure Security Co-ordination Centre), a total of 14 high-profile software vendors, including several Linux distributors, pushed out security updates between July 11 and 12, a deluge that caught enterprise IT administrators off guard and unprepared.

“Tuesday was a really, really rough day. We were prepared for Microsoft and Oracle, but to have Mozilla, Apple and others throw in important updates on the same day … it became a total nightmare,” said Mike Murray, director of vulnerable and exposure research at nCircle Inc.

The article goes on to note that Oracle recently issued 49 patches to its database server software in one fell swoop!

What’s going on here, and what should you do?

  • In my opinion, what’s going on is that vendors, under pressure to release new programs and updates, have become very lazy, essentially relying on users and security companies to identify flaws and vulnerabilities so they don’t have to, and in turn relying on their “we’re not responsible for anything” disclaimers to protect themselves legally. This is a weak business practice, but it appears that everybody who is anybody is doing it, and that it’s not going to change any time soon.
  • Microsoft program users who connect to the Internet at all need to walk away from older versions of Windows, Explorer, and Office, get totally current, and stay totally current, including downloading all patches when released. The old programs are just too buggy, and the folks in Redmond are already taking steps to pull away support from older versions.
  • Having said that, when Microsoft releases Longhorn in 2020 (just kidding, the target is still apparently sometime in 2006, though there are supposedly reliable rumors that it has slipped into 2007), I would consider waiting 3-6 months to install it so that the major security flaws are identified and eliminated. Microsoft’s poor security track record merits this very cautious approach. I would take the same attitude towards any major release of Windows, if, as rumored, Microsoft take such a step to buy more time for Longhorn.
  • This wait-and-see attitude is a good idea any time a major release of software with potential security vulnerabilities occurs. I bought Mac OS Tiger a few weeks ago but didn’t install it; based on what Apple has had to do to cover its security problems with Tiger, I’m glad I haven’t, and will probably wait a few more weeks.
  • If you’re in the Windows world, consider using a browser other than Explorer, such as Firefox or Mozilla. Though none are perfect, the non-Explorer browsers have had fewer and less serious security vulnerabilities.
  • Keep your firewall, antivirus, and antispyware software current. Periodically use those programs to check your hard drive to see if anything has slipped through.