Re: [Full-Disclosure] SP2 is killing me. Help?
From: Shannon Johnston (sjohnston_at_cavionplus.com)
To: Luke Lussier <firstname.lastname@example.org> Date: Fri, 13 Aug 2004 01:23:30 -0600
Luke Lussier wrote:
> On Aug 12, 2004, at 10:19 PM, Phillip R. Paradis wrote:
>>> -----Original Message-----
>>> From: email@example.com
>>> [mailto:firstname.lastname@example.org] On Behalf Of xtrecate
>>> Ultimately what difference to an end user does it make if the
>>> are broken by a service pack install or a virus?
>> None at all. But the user has control over installing service packs.
>> And the
>> user should have read the warnings BEFORE installing it, not after
>> they discover
>> something is broken.
A-men brother! I feel that this is a bigger problen than originally
thought. After reading all the complaints about what is wrong with SP2,
I feel completely un-sympathetic to those who don't bother to read the
>>> I think the update
>>> provides some long needed changes to the fundamental
>>> operation of Windows,
>>> however if Microsoft knew of the potential problems via RC2
>>> testing, I'd
>>> have thought they'd do a little more to rectify those
>>> problems than simply
>>> releasing and disclaiming.
>> Most of those problems are a result of a very simple problem. For
>> security issues, it is possible to remain compatible with old,
>> generally poorly
>> written code, or to fix the security problem, but not both. There are
>> security issues that simply could not be fixed without creating
>> issues. The data execution issue is one clear example; making blocks
>> of memory
>> allocated for data non-executable is a very effective way of
>> preventing buffer
>> overrun exploits from executing arbitrary code. The downside is that
>> (such as DivX) that intentionally tries to execute data won't work
>> Given the choice between a secure system and a few badly written
>> programs, I'd
>> rather take the secure system and let the developers of those few
>> programs that
>> don't work due to lazy coding fix their products. Microsoft has in
>> the past
>> always taken the route of less security and more compatibility, and
>> I, for one,
>> think it's a good thing that their attitude has changed somewhat.
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure - We believe in it.