Re: [Full-Disclosure] SP2 is killing me. Help?

From: Shannon Johnston (
Date: 08/13/04

  • Next message: Luke Lussier: "Re: [Full-Disclosure] SP2 is killing me. Help?"
    To: Luke Lussier <>
    Date: Fri, 13 Aug 2004 01:23:30 -0600

    Luke Lussier wrote:

    > On Aug 12, 2004, at 10:19 PM, Phillip R. Paradis wrote:
    >>> -----Original Message-----
    >>> From:
    >>> [] On Behalf Of xtrecate
    >>> Ultimately what difference to an end user does it make if the
    >>> applications
    >>> are broken by a service pack install or a virus?
    >> None at all. But the user has control over installing service packs.
    >> And the
    >> user should have read the warnings BEFORE installing it, not after
    >> they discover
    >> something is broken.
    A-men brother! I feel that this is a bigger problen than originally
    thought. After reading all the complaints about what is wrong with SP2,
    I feel completely un-sympathetic to those who don't bother to read the
    release notes...'

    Shannon Johnston

    >>> I think the update
    >>> provides some long needed changes to the fundamental
    >>> operation of Windows,
    >>> however if Microsoft knew of the potential problems via RC2
    >>> testing, I'd
    >>> have thought they'd do a little more to rectify those
    >>> problems than simply
    >>> releasing and disclaiming.
    >> Most of those problems are a result of a very simple problem. For
    >> certain
    >> security issues, it is possible to remain compatible with old,
    >> generally poorly
    >> written code, or to fix the security problem, but not both. There are
    >> some
    >> security issues that simply could not be fixed without creating
    >> compatibility
    >> issues. The data execution issue is one clear example; making blocks
    >> of memory
    >> allocated for data non-executable is a very effective way of
    >> preventing buffer
    >> overrun exploits from executing arbitrary code. The downside is that
    >> software
    >> (such as DivX) that intentionally tries to execute data won't work
    >> anymore.
    >> Given the choice between a secure system and a few badly written
    >> programs, I'd
    >> rather take the secure system and let the developers of those few
    >> programs that
    >> don't work due to lazy coding fix their products. Microsoft has in
    >> the past
    >> always taken the route of less security and more compatibility, and
    >> I, for one,
    >> think it's a good thing that their attitude has changed somewhat.
    >> _______________________________________________
    >> Full-Disclosure - We believe in it.
    >> Charter:
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter:

    Full-Disclosure - We believe in it.

  • Next message: Luke Lussier: "Re: [Full-Disclosure] SP2 is killing me. Help?"