Re: [Full-Disclosure] SP2 is killing me. Help?
Date: 08/14/04

  • Next message: Todd Towles: "RE: [Full-Disclosure] lame bitching about xpsp2"
    To: Harlan Carvey <>
    Date: Fri, 13 Aug 2004 18:27:56 -0400

    On Thu, 12 Aug 2004 03:33:18 PDT, Harlan Carvey said:

    > Wow! MS goes about doing what the security folks have
    > been harping on for years...providing a modicum of
    > security in their operating system...and now it's a
    > "crap update"? Protection against buffer overflows,
    > the firewall on by default, etc...what we've been
    > asking for and harping on...and you come back with
    > "crap updates"?!?

    Totally ignoring for the moment whether SP2 is actual crap or not,
    consider the following:

    It *IS* totally possible for it to include a lot of features it's been needing
    for years, and *still* be a crap update due to other bugs.

    As a straw-man "for instance" - I think you'd agree that even an SP that
    made it *totally* secure would still qualify as a "crap update" if it got a BSOD
    every time a USB device was plugged or unplugged....

    (Of course, if the "crap" is "my app broke because my vendor was lame and
    relied on buggy or insecure techniques closed down by SP2", the proper
    thing to do is to flame the lame vendor....)

    As an aside, MS had their collective heads in a warm dark orifice when they
    listened to Gibson and took out the "raw packet" functionality - I mean, it
    isn't like there aren't *other* ways that malware can send out a raw packet.
    If anything, they should have put it *in* so malware could use a standard supported
    API rather than some bletcherous backdoor method that destabilized the system. ;)


    Full-Disclosure - We believe in it.

  • Next message: Todd Towles: "RE: [Full-Disclosure] lame bitching about xpsp2"