Full Disclosure mailing list archives

Re: The worm author finally revealed!


From: "David Howe" <DaveHowe () cmn sharp-uk co uk>
Date: Mon, 3 Feb 2003 12:14:40 -0000

at Friday, January 31, 2003 7:52 PM, madsaxon <madsaxon () direcway com>
was seen to say:
> That happens where I work, too.  Every new patch breaks something
> else, and since a fair amount of our software is custom-designed, we
> have to get the vendors to rush out and figure out how to patch their
> stuff to be compatible with the new patch.  That costs beaucoup
> bucks, and meanwhile our clients are screaming because their
> application is down.  The next time a patch comes out, management is
> very reluctant to allow us to install it, so we have to do a
> cost-benefit analysis on which would be the greater evil: leaving the
> vulnerability unpatched or pissing off our clients with yet another
> period of downtime.  If we don't patch, we get called "irresponsible"
> and "lazy."
Certainly true. Then you have the wonderful Microsoft habit of a later
patch overwriting (and therefore silently backing out) an earlier
patch's files, and the fact that some sites *legally can't* install the
more recent service packs/patches as Microsoft's new licensing agreement
conflicts with a legal duty of privacy for the data processed on that
machine.

> I personally argued strongly against Microsoft servers in the first
> place, but of course that was pooh-poohed as just sour grapes from an
> old Unix fossil.
Unfortunately, it's a cascade - new features of IE require Windows
servers, which require users to be using IE.....


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html