Re: [Full-Disclosure] SP2 is killing me. Help?
To: Harlan Carvey <firstname.lastname@example.org> Date: Fri, 13 Aug 2004 18:27:56 -0400
On Thu, 12 Aug 2004 03:33:18 PDT, Harlan Carvey said:
> Wow! MS goes about doing what the security folks have
> been harping on for years...providing a modicum of
> security in their operating system...and now it's a
> "crap update"? Protection against buffer overflows,
> the firewall on by default, etc...what we've been
> asking for and harping on...and you come back with
> "crap updates"?!?
Totally ignoring for the moment whether SP2 is actual crap or not,
consider the following:
It *IS* totally possible for it to include a lot of features it's been needing
for years, and *still* be a crap update due to other bugs.
As a straw-man "for instance" - I think you'd agree that even an SP that
made it *totally* secure would still qualify as a "crap update" if it got a BSOD
every time a USB device was plugged or unplugged....
(Of course, if the "crap" is "my app broke because my vendor was lame and
relied on buggy or insecure techniques closed down by SP2", the proper
thing to do is to flame the lame vendor....)
As an aside, MS had their collective heads in a warm dark orifice when they
listened to Gibson and took out the "raw packet" functionality - I mean, it
isn't like there aren't *other* ways that malware can send out a raw packet.
If anything, they should have put it *in* so malware could use a standard supported
API rather than some bletcherous backdoor method that destabilized the system. ;)
Full-Disclosure - We believe in it.
- application/pgp-signature attachment: stored