Full Disclosure mailing list archives
Re: Administrivia: Testing Emergency Virus Filter..
From: Bryan Allen <bda () mirrorshades net>
Date: Wed, 20 Aug 2003 18:41:57 -0400
On Wednesday, August 20, 2003, at 4:37 PM, Gary E. Miller wrote:
Yo Paul! On Wed, 20 Aug 2003, Schmehl, Paul L wrote:Have you asked them when the last time that they updated was? A remotehole in Mac OS X was announced just last week (the realpath problem). I'll bet most of them don't even know about it.All OSes have problems getting users to update. The old saying "If it ain't broke don't fix it" will be with us a long time. At least if the user is using an OS with halfway decent priviledge separtion there will probably be more limited damage when unpatched bugs are exploited.
Also keeping in mind that Software Update is on by default, and forces a user to reboot if it's required (no closing the window a la Windows).
In theory, if a user isn't clueful enough to know about security updates, it's *relatively* unlikely that they'll have turned it off, or will do so. (The same goes for Windows Update, only I have yet to hear that when you install an OS X patch, it tells you it's installed the update, only it hasn't, unlike some other package update mechanisms I suppose we could mention. ;-)
Panther (OS X.3) will have reboot-less updates, apparently.Also, the "OMFG THAT OS HAD A VULNERABILITY OMFG WTF" is rather silly. Applications have bugs. Patches get written. Hopefully they get applied.
How many Linux users are still running a ptrace-vulnerable kernel? Or how many FreeBSD users haven't cvsup'd up and rebuilt their kernel? How many never got the vuln reports in the first place?
Users are users. So it goes. -- bda Cyberpunk is dead. Long live cyberpunk. http://mirrorshades.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Administrivia: Testing Emergency Virus Filter.., (continued)
- RE: Administrivia: Testing Emergency Virus Filter.. Schmehl, Paul L (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Nick FitzGerald (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Paul Schmehl (Aug 20)
- Re: Administrivia: Testing Emergency Virus Filter.. Valdis . Kletnieks (Aug 21)
- Re: Administrivia: Testing Emergency Virus Filter.. Nick FitzGerald (Aug 21)
- RE: Administrivia: Testing Emergency Virus Filter.. Dan Stromberg (Aug 21)
- RE: Administrivia: Testing Emergency Virus Filter.. Nick FitzGerald (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Schmehl, Paul L (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Paul Szabo (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Schmehl, Paul L (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Schmehl, Paul L (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- Re: Administrivia: Testing Emergency Virus Filter.. Bryan Allen (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Schmehl, Paul L (Aug 20)
- Re: Administrivia: Testing Emergency Virus Filter.. Valdis . Kletnieks (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Schmehl, Paul L (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Drew Copley (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Paul Schmehl (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Drew Copley (Aug 21)
- RE: Re: Administrivia: Testing Emergency Virus Filter.. Drew Copley (Aug 20)
- Re: Re: Administrivia: Testing Emergency Virus Filter.. Thor Larholm (Aug 21)