Re: Towards a responsible vulnerability process
From: NetArchitect Old Mail (oldmail@NETARCHITECT.COM)Date: 11/05/01
- Previous message: Ryan Russell: "Re: Towards a responsible vulnerability process"
- In reply to: David LeBlanc: "Re: Towards a responsible vulnerability process"
- Next in thread: Joe Melhado: "Re: Towards a responsible vulnerability process"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <5.1.0.14.0.20011104211057.00b9ee10@mail.netarchitect.com> Date: Sun, 4 Nov 2001 21:27:16 -0500 From: NetArchitect Old Mail <oldmail@NETARCHITECT.COM> Subject: Re: Towards a responsible vulnerability process To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
>"> 2. Can we slip-stream NT 4.0 service packs and Hotfixes yet?
> > Nope,
>
>Actually, I believe you can with RIS. I also think there's a KB article on
>some of this."
If you have further information regarding this, I'm sure this group would
be very interested in learning about it. As someone who has written
numerous columns on RIS and what it's capable of, this type of capability
would be news to me. I'd be very curious to see the official Microsoft
support for this, considering that they have built RIS as a tool for
deploying Windows 2000 - and only the Professional version at that (yes, I
know there's a hack to TXTSETUP to have it install 2000 Server).
When the original author mentioned "slipstreaming", I believe he meant
exactly that - merging the SP bits into the I386 bits, so that they will
always be used together. Slipstreaming does not mean imaging ("ghosting"
or "sysdiffing") an existing OS install, and slipstreaming does not mean
some sort of GuiRunOnce batch script which installs all the SP's and
hotfixes. NT has become a patchwork of the base OS itself, the Option
Pack, service pack 6a, and post-6a hotfixes -- it doesn't surprise me to
learn that it takes administrators an entire day to install NT these
days. If Microsoft were interested in doing a HUGE favor for their
existing customer base, instead of doing SP7 (which everyone wants, BTW),
and compile one final build of NT that included everything to date. Heck,
I bet most administrators would actually pay a small fee to upgrade to a
"NT 4.1" product, just to avoid the hassles and wasted time of securing
that OS. I guess that statement begs the question - is Microsoft truly
interested in helping out their customers easily deploy secure operating
systems, or are they more interested in getting people to upgrade (one way
or another) to the latest OS?
Just my $.02,
-Douglas Toombs
-Contributing Editor, Windows 2000 Magazine
> > So, we should accept that there are only two choices.
>
>Only if you choose to contruct a box containing only 2 choices and decide to
>contrain your thinking to that box. I see a lot more than 2 choices.
>
>[snip]
>
>David LeBlanc
>dleblanc@mindspring.com
- Previous message: Ryan Russell: "Re: Towards a responsible vulnerability process"
- In reply to: David LeBlanc: "Re: Towards a responsible vulnerability process"
- Next in thread: Joe Melhado: "Re: Towards a responsible vulnerability process"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
