Full Disclosure mailing list archives
Re: SP2 is killing me. Help?
From: Luke Lussier <luke () intrinsix net>
Date: Fri, 13 Aug 2004 01:14:31 -0500
spamfp () intrinsix net On Aug 12, 2004, at 10:19 PM, Phillip R. Paradis wrote:
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of xtrecateUltimately what difference to an end user does it make if the applications are broken by a service pack install or a virus?None at all. But the user has control over installing service packs. And the user should have read the warnings BEFORE installing it, not after they discoversomething is broken.I think the update provides some long needed changes to the fundamental operation of Windows, however if Microsoft knew of the potential problems via RC2 testing, I'd have thought they'd do a little more to rectify those problems than simply releasing and disclaiming.Most of those problems are a result of a very simple problem. For certain security issues, it is possible to remain compatible with old, generally poorly written code, or to fix the security problem, but not both. There are some security issues that simply could not be fixed without creating compatibility issues. The data execution issue is one clear example; making blocks of memory allocated for data non-executable is a very effective way of preventing buffer overrun exploits from executing arbitrary code. The downside is that software (such as DivX) that intentionally tries to execute data won't work anymore. Given the choice between a secure system and a few badly written programs, I'd rather take the secure system and let the developers of those few programs that don't work due to lazy coding fix their products. Microsoft has in the past always taken the route of less security and more compatibility, and I, for one,think it's a good thing that their attitude has changed somewhat. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: SP2 is killing me. Help?, (continued)
- RE: SP2 is killing me. Help? Aditya, ALD [Aditya Lalit Deshmukh] (Aug 12)
- Re: SP2 is killing me. Help? Harlan Carvey (Aug 12)
- Re: SP2 is killing me. Help? Georgi Guninski (Aug 12)
- Re: SP2 is killing me. Help? Harlan Carvey (Aug 12)
- Re: SP2 is killing me. Help? Maarten (Aug 12)
- Re: SP2 is killing me. Help? Valdis . Kletnieks (Aug 13)
- Re: SP2 is killing me. Help? Ron DuFresne (Aug 18)
- RE: SP2 is killing me. Help? joe (Aug 12)
- RE: SP2 is killing me. Help? xtrecate (Aug 12)
- RE: SP2 is killing me. Help? Phillip R. Paradis (Aug 12)
- Re: SP2 is killing me. Help? Luke Lussier (Aug 13)
- Re: SP2 is killing me. Help? Shannon Johnston (Aug 13)