Re: [Full-Disclosure] SP2 is killing me. Help?
From: Shannon Johnston (sjohnston_at_cavionplus.com)
Date: 08/13/04
- Previous message: Shannon Johnston: "Re: [Full-Disclosure] lame bitching about xpsp2"
- Maybe in reply to: xtrecate: "[Full-Disclosure] SP2 is killing me. Help?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Luke Lussier <luke@intrinsix.net> Date: Fri, 13 Aug 2004 01:23:30 -0600
Luke Lussier wrote:
> spamfp@intrinsix.net
> On Aug 12, 2004, at 10:19 PM, Phillip R. Paradis wrote:
>
>>> -----Original Message-----
>>> From: full-disclosure-admin@lists.netsys.com
>>> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of xtrecate
>>
>>
>>> Ultimately what difference to an end user does it make if the
>>> applications
>>> are broken by a service pack install or a virus?
>>
>>
>> None at all. But the user has control over installing service packs.
>> And the
>> user should have read the warnings BEFORE installing it, not after
>> they discover
>> something is broken.
>>
A-men brother! I feel that this is a bigger problen than originally
thought. After reading all the complaints about what is wrong with SP2,
I feel completely un-sympathetic to those who don't bother to read the
release notes...'
Shannon Johnston
>>> I think the update
>>> provides some long needed changes to the fundamental
>>> operation of Windows,
>>> however if Microsoft knew of the potential problems via RC2
>>> testing, I'd
>>> have thought they'd do a little more to rectify those
>>> problems than simply
>>> releasing and disclaiming.
>>
>>
>> Most of those problems are a result of a very simple problem. For
>> certain
>> security issues, it is possible to remain compatible with old,
>> generally poorly
>> written code, or to fix the security problem, but not both. There are
>> some
>> security issues that simply could not be fixed without creating
>> compatibility
>> issues. The data execution issue is one clear example; making blocks
>> of memory
>> allocated for data non-executable is a very effective way of
>> preventing buffer
>> overrun exploits from executing arbitrary code. The downside is that
>> software
>> (such as DivX) that intentionally tries to execute data won't work
>> anymore.
>> Given the choice between a secure system and a few badly written
>> programs, I'd
>> rather take the secure system and let the developers of those few
>> programs that
>> don't work due to lazy coding fix their products. Microsoft has in
>> the past
>> always taken the route of less security and more compatibility, and
>> I, for one,
>> think it's a good thing that their attitude has changed somewhat.
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Shannon Johnston: "Re: [Full-Disclosure] lame bitching about xpsp2"
- Maybe in reply to: xtrecate: "[Full-Disclosure] SP2 is killing me. Help?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
