Full Disclosure mailing list archives
RE: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011
From: Tremaine Lea <tremaine.lea () sjrb ca>
Date: Wed, 14 Apr 2004 14:45:57 -0600
-----Original Message----- From: Ron DuFresne [mailto:dufresne () winternet com] Sent: Wednesday, April 14, 2004 2:41 PM To: Tremaine Lea Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011 [SNIP]This merely begs the question, why do they not then release the patches as both? A single "patch'em all" one for single users and those who can afford to implement patches this way, and abroken outset of the patch that can be more thoroughly tested in larger scale environments where the big patch solution doesn't work.a major contributing factor is dependencies, and as others pointed out we are seeing more and more of that in the linux desktop realm as well, and even in the other major unix vendor realms too. you can't often fix one little .exe or .com file iin an env whence the browser acts as the kernel which acts as then shell which acts as an individual applicaton that replaces 20 applications once produced by various vendors now bought out and sucked into the core OS...but, redhat already is the 'windows' of the linux world and suse is not far behind if it remains so now. Thanks, Ron DuFresne
In cases such as you describe, obviously a single patch is preferred. I was referring more to instances where there are numerous fixes included in a single patch that could as easily be made available as individual patches. While I'm a self confessed linux fan, we also have our share of exploits and users who don't maintain a reasonable level of security on their systems. I know a large number of linux users who don't subscribe to the mailing lists for their distro and so are often unaware of a problem until I bring it up in casual conversation ;) Users are users, and while I like to think that linux users tend to be more Clued (tm) than Windows users... There are plenty of glaring exceptions. Cheers, Tremaine _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: The new Microsoft math: 1 patch for 14 vul nerabilities, MS04-011 Tremaine Lea (Apr 14)