[Full-Disclosure] SP2 is killing me. Help?
luke at intrinsix.net
Fri Aug 13 07:14:31 BST 2004
spamfp at intrinsix.net
On Aug 12, 2004, at 10:19 PM, Phillip R. Paradis wrote:
>> -----Original Message-----
>> From: full-disclosure-admin at lists.netsys.com
>> [mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of xtrecate
>> Ultimately what difference to an end user does it make if the
>> are broken by a service pack install or a virus?
> None at all. But the user has control over installing service packs.
> And the user should have read the warnings BEFORE installing it, not
> after they discover something is broken.
>> I think the update provides some long needed changes to the
>> fundamental operation of Windows, however if Microsoft knew of the
>> potential problems via RC2 testing, I'd have thought they'd do a
>> little more to rectify those problems than simply releasing and
>> disclaiming.
> Most of those problems are a result of a very simple problem. For
> security issues, it is possible to remain compatible with old,
> generally poorly written code, or to fix the security problem, but not
> both. There are security issues that simply could not be fixed without
> creating
> issues. The data execution issue is one clear example; making blocks of
> memory allocated for data non-executable is a very effective way of
> preventing buffer overrun exploits from executing arbitrary code.
> The downside is that
> (such as DivX) that intentionally tries to execute data won't work
> Given the choice between a secure system and a few badly written
> programs, I'd rather take the secure system and let the developers of
> those few programs that don't work due to lazy coding fix their
> products. Microsoft has in the
> always taken the route of less security and more compatibility, and I,
> for one, think it's a good thing that their attitude has changed
> somewhat.
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.
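
An added illustration of the data-execution point quoted above (not code from the thread or from any product it mentions): a program that generates code at run time stays compatible with non-executable data pages by asking for execute permission explicitly, and never holding a page writable and executable at once. POSIX `mmap`/`mprotect` are used here as an assumed stand-in for the equivalent Windows memory-protection calls, and the stub bytes are constructed for this example (they only return 42).

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS under strict -std modes */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stub: "return 42" for the two architectures handled here. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char STUB[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };
#elif defined(__aarch64__)
static const unsigned char STUB[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 };
#else
#define NO_STUB 1
#endif

/* Returns the stub's result, or -1 on failure or unsupported architecture. */
int run_generated_code(void)
{
#ifdef NO_STUB
    return -1;
#else
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    /* Step 1: the buffer starts as plain data: readable and writable, not executable. */
    unsigned char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, STUB, sizeof STUB);
    /* Step 2: drop write access and request execute access explicitly. */
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, len);
        return -1;
    }
    __builtin___clear_cache((char *)page, (char *)page + sizeof STUB);
    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);  /* object-to-function pointer without a cast warning */
    int result = fn();
    munmap(page, len);
    return result;
#endif
}

int main(void)
{
    printf("generated code returned %d\n", run_generated_code());
    return 0;
}
```

Calling into the buffer while it is still mapped read/write, without the `mprotect` step, is the pattern that stops working once data pages are non-executable.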