ugh, silverlight...

[mmcookies]

ugh, silverlight...

[Evilseed]

Warning - For the time being, DO NOT INSTALL SILVERLIGHT! There are some fantastically huge security complications you open yourself up to by doing so.

My 2 cents: Suvega, building a website which requires the installation of any uncommon software component, insecure silverlight or not, isn't a good idea.

[Suvega]

WTF are you talking about. A) sivlerlight is not uncommon. B) L2windows update.

Furthermore, Link the security article or stop spreading FUD.

[Evilseed]

WTF are you talking about.

Link the security article or stop spreading FUD.

Google.com

[Suvega]

still waiting.

[Suvega]

Warning - For the time being, DO NOT INSTALL SILVERLIGHT! There are some fantastically huge security complications you open yourself up to by doing so.

My 2 cents: Suvega, building a website which requires the installation of any uncommon software component, insecure silverlight or not, isn't a good idea.

Furthermore, before speaking its a good idea to look/research things. I mean a) Security update was done end of october (if you aren't an idiot windows update autopatched your system a bit ago), and b) the website is not designed around silverlight.. ONE component (the wrath guide) has it. Seriously dude, foot + mouth.

And what you were probably refering to (which was old news 2 weeks ago: http://www.microsoft.com/technet/sec.../MS08-067.mspx

Hell at least I fucking linked an article. Better then FUD and "google.com"

[Evilseed]

[quote='Suvega',index.php?page=Thread&postID=146718 #post146718]still waiting.[/quote]

[url='http://Google.com']http://Google.com[/url]

In all seriousness, it isn't hard to research. Silverlight has had an ongoing history of security issues which are easily found by Googling. In addition, it is known to the more 'informed' that Microsoft is discounting multiple exploits current in existence (though not widespread, as with anything powerful, initially only a few will posses it).

Either way, you can err on the side of informed caution or not, the choice is yours. My comments on this thread are at an end. Have a nice day.

[Suvega]

http://Google.com[/url]

In all seriousness, it isn't hard to research. Silverlight has had an ongoing history of security issues which are easily found by Googling. In addition, it is known to the more 'informed' that Microsoft is discounting multiple exploits current in existence (though not widespread, as with anything powerful, initially only a few will posses it).

Either way, you can err on the side of informed caution or not, the choice is yours. My comments on this thread are at an end. Have a nice day.

Google does not equal a security article. Furthermore searching for "Silverlight vulnerability" comes up with nothing relevant.... So? basically you have no basis for your ZOMG WORLD ENDING BAAAAHHH!

This is like saying "ZOMG DON'T GET FLASH BECAUSE OF IT HAVING A HUGE VULNERABILITY A WHILE AGO THAT WAS PATCHED AND ISN'T AN ISSUE ANYMORE, BUT SINCE I'M WORRIED AND MORE INFORMED, BUT YET TOO LAZY TO LINK ANYTHING WORTH NOTE OTHER THEN A SEARCH ENGINE YOU SHOULD BELIEVE ME."

come on man, either link something of note, or kindly gtfo with your F(ear) U(ncertanity) and D(oubt) spreading.

[Vyndree]

Moved the off-topic posts to the off-topic forum where they belong.

As a side note -- imho, if you're using Flash, installing DirectX plugins, Java and you're not concerned with "undocumented security vulnerabilities", then you're biased, and throwing one specific baby out with the bathwater.

You're welcome to be paranoid -- nobody is going to stop you. But to ignore the risk of other not-so-well-supported and not-so-highly-critized software (which leaves more "holes" left to the unknown), that's bias.


Some things to ponder...

Microsoft, as a whole, is a vast company. The team who developed silverlight probably never touched Windows. I should know. I work on Visual Studio and have little to no experience in Windows. I worked in Windows Live and had little to know experience with Office. I'd imagine the team who works on, say, Communicator has vastly different opinions on software security models compared to... say... Excel. I'd think the team who works on Windows Live probably has totally different development priorities and schedules as say... Windows. Do you think the people working on Xbox have the same security issues to face as the people in Word, or Silverlight, or Messenger? Things might overlap here and there, but I laugh when people cry "Microsoft is evil!" because they lack 1) perspective, 2) open-mindedness (after all, it's the cool thing to do to mock Windows -- see the Mojave campaign?), and 3) even criticism of competing products.

http://en.wikipedia.org/wiki/Mojave_experiment

The Mojave Experiment is a technological opposite of a blind taste test, in which rather than removing a product's branding, it instead changed the product's branding to sway the outcome. The point of the campaign is to see what people liked based on the merit of the product "Mojave" alone, misleading the participants by removing the original name; "Vista" from the product. This would prevent the participants from creating bias about the product before using it. The participants were guided through the experiment, allowing them to "test" the new product.

Why do you think it is that an open-source product (such as Linux) gets far fewer targeted viruses? Because the target is so small, the effort of delving in and finding those vulnerabilities doesn't result in much gain (mass hysteria). Linux is open-source, and as a programmer I'd feel much better about trying to find a vulnerability in open-source code rather than try and reverse engineer the inner workings of Windows. But, if I honestly wanted to write a virus -- I'd do it the hard way and target Windows. Why? Not because windows is any less secure -- even if both operating systems were completely identical in security -- more users (especially the "dumb" ma and pa home pc user who will click on any link and download/install whatever gets e-mailed to them) use Windows. I'd have a larger "market" for my virus. So yes, more hubbub happens around Windows. But, like I said -- the devs who wrote Windows are probably not the devs who wrote Silverlight, or Office, or Messenger, or Xbox.

If you can say "Don't install Silverlight! It has VULNERABILITIES that were fixed which means there are MORE!!!" and honestly feel good about installing flash, then your bias has clouded your better judgement. Flash had past vulnerabilities that were fixed. Wouldn't it logically follow that flash would, therefore, be dangerous to install? I mean, flash is far more prevalent than silverlight at the moment -- so if I were to write a virus targeted at media websites, I'd target it towards the larger market.

And if Flash is good, Silverlight is bad -- but both had (and fixed) vulnerabilities... Are you honestly judging the security of a product by its merits, or by its brand name?

Nobody is saying Silverlight is perfect. Just like nobody is saying that Flash is perfect. But, we also don't see people hijacking the multiboxing video threads screaming about flash vulnerabilities whenever someone links youtube -- but we see people screaming the moment Silverlight is mentioned.... Coinkydink?

[davedontmind]

WTF are you talking about. A) sivlerlight is not uncommon. B) L2windows update.

A) It appears to be uncommon on Linux - the microsoft page indicated my browser/OS is incompatible, which I can't say I'm surprised about, but I would be happy to learn otherwise.

B) .. on linux? ... :S

Guess I can't view your guide for now, which is a shame - I was looking forward to taking a look.