Full Disclosure mailing list archives
Re: MS-02-052
From: nick () virus-l demon co uk (Nick FitzGerald)
Date: Fri, 20 Sep 2002 08:31:05 +1200
Does anybody else find it disturbing that today's JVM patch can only be installed through Windows Update, ...
Yes. And, as a more general point, it is most frustrating for those who have to admin (or oversee the admin of) Losedows boxes but who have the option themselves of either not running the MS bug-fest known as Internet Explorer and/or don't run Losedows themselves that MS takes this and similar Losedows-centric approaches to patch availability. It seems that part of "Trustworthy Computing" is that what makes sense and is useful to those who actually try to practice it in their day to day endeavours is not taken into account. MS should make full "network install" kits for all downloadable upgrades, service packs, etc and should make them readily available from an easily accessible location and make them obtainable with any minimally functional "browser" (even wget). Failure to do this (or, at least to make the locations of such things damned hard to find when they available) shows just how much MS really cares for your security -- it seems MS cares enough about it that MS would rather save some of its plentitude of dimes by reducing their bandwidth charges...
... and the Windows Update site now attempts to install an unsigned control (http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.cab) after informing the user to "click Yes on any Security Warnings that pop up"?
8-) What can we say? You _are_ talking about Microsoft... Regards, Nick FitzGerald
Current thread:
- Re: MS-02-052 full-disclosure () lists netsys com (Sep 19)
- Re: MS-02-052 Nick FitzGerald (Sep 19)
- Re: MS-02-052 Jouko Pynnonen (Sep 19)
- Re: MS-02-052 Steve (Sep 20)
- Re: MS-02-052 Nexus (Sep 20)
- Re: MS-02-052 Steve (Sep 20)
- Re: MS-02-052 Nexus (Sep 20)
- Re: MS-02-052 Steve (Sep 20)
- <Possible follow-ups>
- Re: MS-02-052 naked_turkey () hushmail com (Sep 20)
- Re: MS-02-052 gobbles () hush com (Sep 20)
- Re: MS-02-052 John (Sep 20)
- Re: MS-02-052 phc () hush com (Sep 20)
- Re: MS-02-052 full-disclosure () lists netsys com (Sep 20)