[Full-Disclosure] RE: Full-Disclosure digest, SP2 Problems

From: RandallM (randallm_at_fidmail.com)
Date: 06/08/04

  • Next message: Larry Seltzer: "[sb] RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)"
    To: <full-disclosure@lists.netsys.com>
    Date: Mon, 7 Jun 2004 21:19:05 -0500
    
    

    Jelmer made this really neat statement:
     
    <|>--__--__--
    <|>
    <|>Message: 5
    <|>Date: Mon, 07 Jun 2004 04:17:28 +0200
    <|>From: Jelmer <jkuperus@planet.nl>
    <|>Subject: RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary
    <|>code
    <|> (An analysis of the 180 Solutions Trojan)
    <|>To: "'Chris Carlson'" <chris@compucounts.com>
    <|>Cc: full-disclosure@lists.netsys.com
    <|>
    <|>I haven't installed SP2 yet since I heard a lot of complaints from people
    <|>who claimed it caused instability, it had memory management issues, some
    <|>drivers didn't work, security measures a bit too much in your face etc
    <|>
    <|>But I reviewed the list of changes sometime back and I concur, it looks
    <|>very
    <|>promising, I think in the near future an IE exploit will be a rare
    <|>occurrence as opposed to a bi weekly event
    <|>
    <|>End of Full-Disclosure Digest

    My reply:

    I have the sp2 after attending the Security Summit 2004. I loaded this on my
    test laptop. Glad I did. I would have been very pissed if I had loaded it on
    anything else.

    First off, if you have McAfee or Norton you no longer are able to update
    using auto. It for sure is for the "home" user. If you're expecting
    something that you can have a little more control over this is not for you.
    One thing that I was afraid of and concerned me due to my mobile users was
    the ability to use VPN. It works well and does give you options to select
    services for each connection you use.
    It did not recognize my virus program being loaded nor give me the option to
    point to it. I think that's due to the McAfee incompatibility in someway

    I did look for a fix and found this but haven't tried it yet:
    ______________
    The McAfee framework issue is solved easily.
    Administrative Tools
    Component Service
    DCOM conf
    Framework service
    Right-click -> properties
    Set the launch and access permission to Default
    Restart pc. McAfee will update properly.
    Seems to be an error in the McAfee installer
    ________________

    Then of course there seems to be a slue of areas from web programs to a
    warning from Microsoft "that SP2 will break and disrupt existing
    applications unless specific code rewrites are made at the developer end".
    http://www.internetnews.com/ent-news/article.php/3322381

    I'll test the above for McAfee fix and see if that works.

    Randall M

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Larry Seltzer: "[sb] RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)"

    Relevant Pages