Re: Is there a downloadable ISO?

From: Alun Jones [MS MVP] (alun_at_texis.invalid)
Date: 04/22/04


Date: Thu, 22 Apr 2004 17:33:41 GMT

In article <OOHfp$5JEHA.3944@tk2msftngp13.phx.gbl>, "Sandi - Microsoft MVP"
<sandi_hardmeier@mvps.org> wrote:
>Going on what was said to us during and after the beta, a most resounding
>NO!! MS cannot control the quality/cleanliness of third party burns - I'm
>not saying that *you* would use a virus/trojan infected system to burn a
>machine, or use a polluted copy, but the potential is there for an unsavoury
>element to do so, so better to say 'no' to all, otherwise how can the public
>tell what is safe and what isn't?

For my money, I'd hope it was possible for a patch client distributed with
the OS to verify a cryptographic hash / signature on the patches. I haven't
heard any good criticism of this suggestion, so maybe it's something that's
being worked on.

But yes, right now, you have to get it from Microsoft - and then trust that
the CD that comes in the mail with Microsoft's return address on the
envelope, and a Microsoft label printed on the disk has actually come from
Microsoft.

Does the MS web site detail what the CD physically looks like, for at least
that much verification? Otherwise, what's to stop me mailing out a stack of
CDs with infected 'security patches', and carefully writing "Microsoft" on
the labels?

Other than "federal mail fraud laws", etc, of course. Laws are one thing,
but they don't really give all that much in terms of protection before
prosecution occurs.

If the patches could be signed, it'd be possible to distribute patches in
stacks of CDs on the street corner, or get them from anyone that has a
burner.

I keep thinking of my parents - no broadband, spotty dialup, and relatively
little computer savvy. How am I to keep them updated? Oh, and they're on
the other side of the world from me, to make it a little harder.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
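
The signed-patch idea raised in this post, sketched as an added example (not part of the original post and not any vendor's actual update client): a client holding the vendor's public key checks a signed manifest of patch hashes, so the CD or burner the files came from never has to be trusted. The Ed25519 scheme, the manifest format, the names `VerifyPatch` and `SignManifest`, and the file name `KB-EXAMPLE.exe` are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// VerifyPatch checks a patch read from untrusted media against a manifest of
// "<sha256-hex>  <name>" lines. vendorKey is assumed to ship with the OS.
func VerifyPatch(vendorKey ed25519.PublicKey, manifest, sig []byte, name string, patch []byte) error {
	if len(vendorKey) != ed25519.PublicKeySize || !ed25519.Verify(vendorKey, manifest, sig) {
		return errors.New("manifest signature invalid")
	}
	sum := sha256.Sum256(patch)
	want := hex.EncodeToString(sum[:])
	for _, line := range strings.Split(string(manifest), "\n") {
		f := strings.Fields(line)
		if len(f) == 2 && f[1] == name {
			if f[0] == want {
				return nil
			}
			return errors.New("patch hash mismatch: " + name)
		}
	}
	return errors.New("patch not listed in signed manifest: " + name)
}

// SignManifest plays the vendor's side for the demo: hash each patch, sign the list.
func SignManifest(priv ed25519.PrivateKey, patches map[string][]byte) (manifest, sig []byte) {
	var b strings.Builder
	for name, data := range patches {
		sum := sha256.Sum256(data)
		fmt.Fprintf(&b, "%x  %s\n", sum, name)
	}
	manifest = []byte(b.String())
	return manifest, ed25519.Sign(priv, manifest)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key, not a real vendor key
	genuine := []byte("constructed patch payload")
	manifest, sig := SignManifest(priv, map[string][]byte{"KB-EXAMPLE.exe": genuine})
	fmt.Println("genuine: ", VerifyPatch(pub, manifest, sig, "KB-EXAMPLE.exe", genuine))
	fmt.Println("tampered:", VerifyPatch(pub, manifest, sig, "KB-EXAMPLE.exe", []byte("infected")))
}
```

Someone who replaces both the patch and the manifest on the disc still cannot produce a signature that verifies under the vendor key, which is the property the label on the CD cannot provide.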

