Interesting People mailing list archives
more on An annoyed Farber -- Microsoft vulnerabilities in Office products (Word, PowerPoint, Excel, Outlook)
From: Dave Farber <dave () farber net>
Date: Mon, 08 Sep 2003 17:52:12 -0400
Date: Mon, 08 Sep 2003 14:26:16 -0700 From: Roy Levin <> Subject: Re: [IP] An annoyed Farber -- Microsoft vulnerabilities in Office products (Word, PowerPoint, Excel, Outlook) To: Dave Farber <dave () farber net> Hi Dave, Here's some information about the annoying "insert CD in order to install patches" experience you had with Office. If you deem this suitable for the IP list, feel free to distribute, but please remove my email address. Best, Roy ======================== Dave, I had the same experience that you did with Office Update: its annoying demand to insert the installation CD before it would install security patches. As a consequence, I talked to the people inside Microsoft who have responsibility for the relevant software. I was interested to learn that the behavior is not the result of piracy concerns but rather a side-effect of mechanisms intended to improve download performance. The Windows Installer has quite a lot of machinery to minimize the size of downloads by using deltas, which are computed relative to the installation bits. In practice, this machinery reduces download size quite substantially in many cases, but it obviously depends on having the installation bits available on the user's machine. This works smoothly if those bits are readily accessible (say, cached somewhere on the user's hard drive), but otherwise the installer has to ask for them, producing the annoying behavior that we (and doubtless many others) experienced. I'm told that the delta compression mechanism is optional (patch kits can use whole-file transfer instead), but because some downloads are very large (especially service packs), the performance advantages of delta compression are significant and most patches therefore tend to use them. I'm also told that we can expect the upcoming version of Office not to exhibit the behavior that annoyed you. Best, Roy ------------- You wrote: OF COURSE MS IN THE EXPECTED "PROTECT OUR PRODUCT" MODE requires you to have the cdrom in order to install this critical and important protection. I have just moved and , like many, have no idea where the damn box is so I can not protect my self except to not use the Office suite. Why are such emergency updates conditional on finding the damn cdrom??? Dave >Microsoft has issued a security notice concerning the entire Microsoft >Office suite (Word, PowerPoint, Excel, Outlook). The vulnerability >could allow an attacker to gain control of a machine. For those faculty >and staff who are out of the office today please visit the following >websites to receive the latest patches: > >http://www.windowsupdate.com >http://www.officeupdate.com/ProductUpdates/default.aspx > >Please note, to receive the patches you must click on the scanning tool. >In some cases, you will have to provide the installation media (CD) >during the patch installation. > >Generally the installation takes between 10-25 minutes (longer if >you're using a dial up connection). Your cooperation is very much >appreciated and if you have any questions please contact me directly. ------------------------------------- You are subscribed as roy () Levin net To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on An annoyed Farber -- Microsoft vulnerabilities in Office products (Word, PowerPoint, Excel, Outlook) Dave Farber (Sep 08)