Maximum PC bugs RSS Feed

The Bane of Open-Source Bugs

David Murphy — Thu, 19 Mar 2009 13:34:27 -0500

So you've just downloaded that hip new open-source replacement for your favorite paid-for application and you're ready to crack it open and unleash all the awesome community-driven features contained inside. Well, if this application is Songbird, you might want to hold off for a moment. A recent blog post by the application's developers has revealed that the media player's iPod add-on does more than just transfer music to your device. It also has the potential to corrupt or otherwise delete music straight from your hardware device. Yikes!

It's not the first bug to hit an open-source project (duh), but it nevertheless shows that even community-driven software isn't impervious to game-breaking problems. Consider Android, Google's open-source mobile operating system released as part of T-Mobile's G1 line of phones. In early November, enthusiasts discovered a fatal bug in the software, one that allowed any user to gain root access to the device. How was that? Well, upon loading the OS, the phone would fire up a command prompt. Anything you subsequently typed into the phone -- in a text message, in an Internet browser, anything -- would be treated as an entry in this command prompt. Pick the right word, like "reboot," and your phone would perform that action as a superuser. Whoops!

We could repeat this exercise for any number of interesting (and hilarious) open-source bugs. But here's the kicker: as extensive as these bugs might be, the very nature of open-source, community-driven development can help close these holes much faster than their retail counterparts. In the previous Songbird situation, the bug has been reported and a fix has been found--presumably it'll be released in the next release of Songbird.

According to a report by Secunia, a vulnerability research company, Mozilla's Firefox Web browser contained 115 reported flaws in 2008. That total beats out the combined reported flaws of rivals Internet Explorer, Safari, and Opera, with each individually capping out in the low 30s. That said, Mozilla was faster at fixing publicly disclosed Firefox flaws than Microsoft with its Internet Explorer browser (the only other application considered for this measurement). It took Mozilla anywhere from 15 to 86 days to fix these zero-day vulnerabilities. For Microsoft, patching flaws ranging from "less critical" to "high" in severity took anywhere from 78 days to 294 days.

It would be incorrect to take these figures and issue a blanket proclamation that open-source software is faster at fixing its problems than free or retail equivalents. It's still an interesting note, especially given the popularity of these two programs--Songbird's being heralded as an open-source iTunes and Firefox is still chipping away at IE's market share. Open-source bugs might really rain on a user's day, but that doesn't mean that they'll stay there for long. In some cases, your closed-source software might fare far worse.

TED 2009: Bill Gates Releases More Bugs into the Public

Norman Chan — Wed, 04 Feb 2009 19:44:25 -0600

Bill Gates (the philanthropist, not the technologist) capped off the “reboot” segment of today’s TED speeches with a presentation about two of the important global problems the Bill and Melinda Gates Foundation have been addressing since Gates retired from day-to-day operations at Microsoft: eradicating malaria and boosting education.

With regard to the Malaria issue, Gates noted that though the disease claims the lives of one million victims each year, this is a greatly reduced number from when Malaria was a global epidemic a hundred years ago. Now, the epidemic is centralized in poorer countries, whereas first-world nations have largely dismissed the problem. In fact, Gates noted more money was spent on developing baldness medication than on curing malaria – Malaria simply isn’t the rich man’s problem.

Gates then proceeded to release a handful of mosquitoes into the air, joking that there was no reason that only poor people should get malaria. These mosquitoes obviously didn’t carry the disease, though the surprise move drew more than a few nervous laughs from the 1,300 in attendance.

Chris Anderson, TED’s curator, drew additional laughs by proclaiming that no one should be surprised that “Bill Gates released more bugs into the public,” before conducting an interview with Gates while using an Apple Macbook Pro. Do’h.

(image via Flickr)

Grand Theft Auto IV PC Release Full of Bugs

Nathan Grayson — Thu, 04 Dec 2008 00:26:16 -0600

Welcome to the latest installment of Disappointment Theater -- starring Your Life. Today's guest star: Grand Theft Auto IV! Wrecking one of the year's best games definitely seems like an impossible task, so read on and be astonished.

According to Steam's fuming masses, as well as gaming site Shacknews, GTA IV's creepy crawlies are all over the place. Topping players' lists of things not to be thankful for, however, are missing textures (apparently caused by corrupt graphics drivers) and the ever-popular crashing bug, which can potentially keep you from even loading the game at all.

Fortunately, one intrepid Steam user has tossed together a forum thread outlining all known issues and possible fixes, so as a (highly prestigious) reward we're putting his name on the site. Thanks, Ramzy!

Additionally, while it's not exactly a bug, the majority of wannabe-crime lords are being forced to run their game of choice at low graphical settings -- a complaint to which Rockstar has issued a response:

"Higher settings are provided for future generations of PCs with higher specifications than are currently widely available," claimed the developer.

Rockstar also released a statement promising that it'll unscrew this pooch as quickly as possible.

So, unless you want to pay $50 for a glorified beta test, wait a couple weeks before taking the plunge.

Weekend Security News: Opera Patches Multiple Bugs in Browser, Critical Vulnerability Found in VLC Media Player

Paul Lilly — Sat, 05 Jul 2008 01:38:29 -0500

This holiday weekend many of you will be kicking back with a cold one, firing up the grill, spectating your local fireworks display, and perhaps catching up on a videogame or two when the festivities all come to an end. But while you're busy unwinding, hackers continue to look for ways to distribute malicious code and exploit vulnerabilities. Don't let what's supposed to be a relaxing weekend turn into a hair-pulling experience because you were caught off guard.

Update to Opera 9.5.1

Opera Software unveiled version 9.5 of its flagship browser less than a month ago, and the first major update is now available. Patching Opera to version 9.5.1 addresses several bugs and stability issues, and at least one "highly critical" vulnerability that could be used to execute arbitrary code. And it's not just Windows users that should install the update, but Mac OS X and Linux lovers too. Areas addressed in the update include:

User Interface
Mail/News
Display and Scripting
Security
Miscellaneous

For a detailed list of fixes, view the 9.5.1 changelog.

Critical Vulnerability Found in VLC Media Player

You've probably heard of the free VLC Media Player, and many of you might be using the open-source program as a Windows Media Player alternative. If so, consider putting VLC on a temporary vacation while a new update gets ready for release, or at least refrain from playing any unknown .WAV files. According to security compay Secunia, the latest version of VLC media player (0.8.6h) on Windows contains a "highly critical" vulnerability in form of an integer overflow error, and by creating a malicious .WAV file, an attacker could potentially take control of the victim's PC. The VideoLAN project knows about the vulnerability and will address it in version 0.8.6i, "which should be available soon," Secunia said.

February 2006 - Are Bugs Killing Your PC?

The Maximum PC Staff — Sun, 06 Aug 2006 08:04:01 -0500

In the PDF archive of the February 2006 issue, you can find:

Dual-Core CPU Preview
Photo Restoration
Squash PC Bugs
Air- vs. Water-Cooling
17 Awesome Product Reviews!
Ask the Doctor
Rig of the Month
The Watchdog
And a whole lot more!

Click the big giant cover image to the right to download the PDF archive today!