mailing list archives
What a difference a char makes...
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 03 Jul 2004 16:59:43 +1200
MS does it again...
I'm not sure whether to laugh or cry.
Actions for Home Users
2. Check for Infection
3. At the command prompt, type:
dir /a /s /b &systemdrive%\kk32.dll
and then press the ENTER key to search your
If the file is present, the file path is displayed. If
the file is not present, a message is displayed
that the system cannot find the path.
There's no prize for spotting the typo, nor for guessing what your
typical home user's reaction will be if they actually follow this
On reflection, perhaps there should be a prize for the latter, as
accurately guessing that could be quite tricky. Due to the error
(repeated in step 4 -- the glories of cut'n'paste...) the user will
receive a possibly quite long directory listing (after all, at least on
Win2K and XP the default directory for the command prompt will be the
current user's "homepath" directory which houses, by default, as one of
its many sub-directories, IE's TIF) followed by the message, as the
very last line of output:
The system cannot find the path specified.
Does MS not employ technical writers?
What about tech reviewers?
What about the age-old publishing concept of having some vaguely
clueful person _who had nothing to do with the generation or layout of
the content_ look critical new web pages over before "publishing" them?
OK, so this is "the web", but critical information still does not
deserve an attitude of "it's just the web", does it?
The odd spelling mistake on the Office or IIS marketing pages we may
accept, but getting something so badly wrong that anyone with two days
experience of real system administration would spot in an eye-blink
_AND_ with such potentially confusing results is pretty darn shoddy
even by MS' own long history of shoddy security standards...
Could it be worse? Well, the page has not been posted long enough for
Google to have indexed it, yet...
I wonder when the first softie would have noticed this??
One final observation, ignoring that "&" has to be escaped in HTML
markup (encoded as an HTML entity in this case), this is actually the
very smallest of computer errors. I said "What a difference a char
makes..." in my Subject: line, but this is really just a single bit
error, as "%" is 0x25 and "&" 0x26.
Would it be too unkind to conclude that MS doesn't care one bit about
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Full-Disclosure - We believe in it.
- What a difference a char makes... Nick FitzGerald (Jul 03)