Full Disclosure mailing list archives

RE: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011


From: Tremaine Lea <tremaine.lea () sjrb ca>
Date: Wed, 14 Apr 2004 14:45:57 -0600

 

-----Original Message-----
From: Ron DuFresne [mailto:dufresne () winternet com] 
Sent: Wednesday, April 14, 2004 2:41 PM
To: Tremaine Lea
Cc: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011



      [SNIP]


This merely begs the question, why do they not then release the 
patches as both?  A single "patch'em all" one for single users and 
those who can afford to implement patches this way, and a broken out 
set of the patch that can be more thoroughly tested in larger scale 
environments where the big patch solution doesn't work.



a major contributing factor is dependencies, and as others 
pointed out we are seeing more and more of that in the linux 
desktop realm as well, and even in the other major unix 
vendor realms too.  you can't often fix one little .exe or 
.com file in an env whence the browser acts as the kernel 
which acts as the shell which acts as an individual 
application that replaces 20 applications once produced by 
various vendors now bought out and sucked into the core 
OS...but, redhat already is the 'windows' of the linux world 
and suse is not far behind if it remains so now.


Thanks,

Ron DuFresne


In cases such as you describe, obviously a single patch is preferred.  I was
referring more to instances where there are numerous fixes included in a
single patch that could as easily be made available as individual patches.

While I'm a self confessed linux fan, we also have our share of exploits and
users who don't maintain a reasonable level of security on their systems.  I
know a large number of linux users who don't subscribe to the mailing lists
for their distro and so are often unaware of a problem until I bring it up
in casual conversation ;)  Users are users, and while I like to think that
linux users tend to be more Clued (tm) than Windows users... There are
plenty of glaring exceptions.

Cheers,

Tremaine

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

