Full Disclosure mailing list archives
RE: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011
From: "Edward W. Ray" <support () mmicman com>
Date: Wed, 14 Apr 2004 08:40:21 -0700
I would not mind the bunching, except that many of the vulnerabilities were discovered more than 4-6 months ago. The other Oses release patches much more quickly. What if someone other than Eeye with an axe to grind discovered these flaws before Microsoft decided to patch them? -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Roman Drahtmueller Sent: Wednesday, April 14, 2004 7:36 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011
I use Linux, OpenBSD and Windows in my enterprise. Linux and OpenBSD use the "1 patch for 1 vulnerability" rule. Seems to me that MS is bunching their patches together in order to make it seem on the surface that Windows has less patches than other Oses, therefore it is more secure. CIOs, take note.
It happens from time to time (today...) that several bugs get fixed with one update package on SUSE Linux (and other Linuxes). But: One update package fixes one package, whereas one patch can consist of several update packages (in our patch management framework). After all, it is a matter of transparency if you can manually, individually select what update package you want on your system and which not. Probably even more important: You should also be able to see what _changes_ have been applied to every single update package. Otherwise, you just can't know what else has been "fixed"... Regards, Roman. -- - - | Roman Drahtmüller <draht () suse de> // "You don't need eyes to see, | SUSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DEF CON 12 WarDriving Contest Announced chris (Apr 14)
- The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Edward W. Ray (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Roman Drahtmueller (Apr 14)
- RE: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Edward W. Ray (Apr 14)
- RE: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 David T Hollis (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Roman Drahtmueller (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Seth Alan Woolley (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Exibar (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 John Sage (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Paul Schmehl (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Curt Purdy (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Exibar (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Dave Horsfall (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Rick Updegrove (Apr 14)
- Re: The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Byron Copeland (Apr 14)
- The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011 Edward W. Ray (Apr 14)