RE: Releasing patches is bad for security

• Previous message: Chris Brenton: "Releasing patches is bad for security"
• In reply to: Chris Brenton: "Releasing patches is bad for security"
• Next in thread: Clint Bodungen: "Re: Releasing patches is bad for security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Chris Brenton" <cbrenton@chrisbrenton.org>, <incidents@securityfocus.com>
Date: Thu, 26 Feb 2004 14:59:21 -0500

Technically, this is a viable method for getting security flaws to go away.
After all, nobody in their right mind would use the OS so it'll go away -
and the flaws along with it.

... hey, whatever path to security works. ;-)

Kind Regards (and good chuckles!),
-dsp

> -----Original Message-----
> From: Chris Brenton [mailto:cbrenton@chrisbrenton.org]
> Sent: Thursday, February 26, 2004 1:31 PM
> To: incidents@securityfocus.com
> Subject: Releasing patches is bad for security
>
>
> Greets all,
>
> This is just such a hoot I had to share:
> http://news.bbc.co.uk/1/hi/technology/3485972.stm
>
> The story quotes David Aucsmith, who is in charge of technology at
> Microsoft's security business and technology unit as stating:
>
> "We have never had vulnerabilities exploited before the patch was
> known,"
>
> The story then goes on to talk about how vulnerabilities are always
> reverse engineered from patches. It really sounds to me like he's saying
> that patches are *the* problem and if only Microsoft would stop
> releasing patches, then all the security issues would just go away.
>
> Microsoft has already dropped down to a monthly patch system. Even then
> they have already been skipping months. Could this be early PR spin to
> justify not releasing security patches?
>
> C
>
>
>
> ------------------------------------------------------------------
> ---------
> ------------------------------------------------------------------
> ----------
>
>
>
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Chris Brenton: "Releasing patches is bad for security"
• In reply to: Chris Brenton: "Releasing patches is bad for security"
• Next in thread: Clint Bodungen: "Re: Releasing patches is bad for security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Releasing patches is bad for security ... Releasing patches is bad for security ... The story quotes David Aucsmith, who is in charge of technology at ... Microsoft's security business and technology unit as stating: ... releasing patches, then all the security issues would just go away. ... (Incidents) Re: Is Linux a Security Time Bomb? ... > Finally, remember, MS try to cover up the release of security bulletins ... > if an independent security consultant finds a security problem and reports ... > way to patch the problem - which could take several months. ... MS has a PR advantage when releasing patches once a month: ... (alt.os.linux.suse) Re: New Microsoft Security scare? ... >> vulnerable to the mother and father of all security flaws for 6 months ... So Leythos if you really think you can secure XP in 10 ... >> How do you secure XP against unknown holes? ... Given the state of the security situation at present and the known ... (alt.computer.security) Re: sick of Linux bias ... >Linux has little to no security flaws. ... The simple fact is that both OS's aren't free from security flaws. ... Not always, but being able to view the source code, and being able to ... (comp.security.firewalls) Re: sick of Linux bias ... >Linux has little to no security flaws. ... The simple fact is that both OS's aren't free from security flaws. ... Not always, but being able to view the source code, and being able to ... (alt.computer.security)