Re: [Full-Disclosure] SP2 is killing me. Help?

From: Shannon Johnston (sjohnston_at_cavionplus.com)
Date: 08/13/04

  • Next message: Luke Lussier: "Re: [Full-Disclosure] SP2 is killing me. Help?"
    To: Luke Lussier <luke@intrinsix.net>
    Date: Fri, 13 Aug 2004 01:23:30 -0600
    
    

    Luke Lussier wrote:

    > spamfp@intrinsix.net
    > On Aug 12, 2004, at 10:19 PM, Phillip R. Paradis wrote:
    >
    >>> -----Original Message-----
    >>> From: full-disclosure-admin@lists.netsys.com
    >>> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of xtrecate
    >>
    >>
    >>> Ultimately what difference to an end user does it make if the
    >>> applications
    >>> are broken by a service pack install or a virus?
    >>
    >>
    >> None at all. But the user has control over installing service packs.
    >> And the
    >> user should have read the warnings BEFORE installing it, not after
    >> they discover
    >> something is broken.
    >>
    A-men brother! I feel that this is a bigger problen than originally
    thought. After reading all the complaints about what is wrong with SP2,
    I feel completely un-sympathetic to those who don't bother to read the
    release notes...'

    Shannon Johnston

    >>> I think the update
    >>> provides some long needed changes to the fundamental
    >>> operation of Windows,
    >>> however if Microsoft knew of the potential problems via RC2
    >>> testing, I'd
    >>> have thought they'd do a little more to rectify those
    >>> problems than simply
    >>> releasing and disclaiming.
    >>
    >>
    >> Most of those problems are a result of a very simple problem. For
    >> certain
    >> security issues, it is possible to remain compatible with old,
    >> generally poorly
    >> written code, or to fix the security problem, but not both. There are
    >> some
    >> security issues that simply could not be fixed without creating
    >> compatibility
    >> issues. The data execution issue is one clear example; making blocks
    >> of memory
    >> allocated for data non-executable is a very effective way of
    >> preventing buffer
    >> overrun exploits from executing arbitrary code. The downside is that
    >> software
    >> (such as DivX) that intentionally tries to execute data won't work
    >> anymore.
    >> Given the choice between a secure system and a few badly written
    >> programs, I'd
    >> rather take the secure system and let the developers of those few
    >> programs that
    >> don't work due to lazy coding fix their products. Microsoft has in
    >> the past
    >> always taken the route of less security and more compatibility, and
    >> I, for one,
    >> think it's a good thing that their attitude has changed somewhat.
    >>
    >>
    >> _______________________________________________
    >> Full-Disclosure - We believe in it.
    >> Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Luke Lussier: "Re: [Full-Disclosure] SP2 is killing me. Help?"

    Relevant Pages

    • Re: Linux Distribution Recomendation
      ... > Now I see it was the VM issue and full compatibility that still had hurdles. ... respect the fact that people make trade-offs, ... Basically they trade in a bit of security for a bit of compatibility. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • Re: I turned off UAC
      ... I prefer the added security, but I haven't had any problems at the particular sites I frequent. ... The real issue is compatibility and security. ... Because too many people complained so much that it was too hard to use or too hard to get used to or too annoying, etc. Real power users do not need it, but many regular home users do. ... something that takes admin permission? ...
      (microsoft.public.windows.vista.general)
    • Re: [Full-Disclosure] SP2 is killing me. Help?
      ... But the user has control over installing service packs. ... > written code, or to fix the security problem, but not both. ... The data execution issue is one clear example; ... > always taken the route of less security and more compatibility, and I, ...
      (Full-Disclosure)
    • QuickTime 7.6 now on SU
      ... "QuickTime 7.6 includes changes that increase reliability, ... Improves compatibility with iChat and Photo Booth ... For information on the security content of this update, ...
      (uk.comp.sys.mac)