Navigation
User login
Quote
Jon Postel
In general, an implementation must be conservative in its sending behavior, and liberal in its receiving behavior.
Microsoft releases yet another mega patch: CNN
Fri, 08/23/2002 - 10:23 — charlie.collins
A bunch of flaws in a bunch of products are addressed by a new patch (series thereof) being released by Microsoft. Its "critical" stuff for IE and Office, etc.
Its quite funny as some slashdots posters have pointed out that the EULA for this patch and others apparently states (I have not read it, my patch is here) that Microsoft can apply updates at a later time without your further permission. The vulnerabilities allow hackers to execute arbitrary code, the update allows MICROSOFT to do so!
Check the linked CNN story and the discussion at slashdot. Microsoft releases yet another mega patch: CNN
This work is licensed under a Creative Commons License.
1998-2008 temple of the screaming penguin
TotSP Search
Community
Chatter
- Excellent post! Dumbster can
1 day 8 hours ago - I glossed over the database
3 days 9 hours ago - Error
4 days 13 hours ago - its very good
2 weeks 16 hours ago - Very informative.
2 weeks 3 days ago - Thanks for the demo code; how to write the UserComment field
3 weeks 19 hours ago - Would be happy to add you if
4 weeks 1 day ago - add me
4 weeks 1 day ago - Thanks
5 weeks 2 days ago - Extremely annoying
5 weeks 3 days ago
Comments
Re: Microsoft releases yet another mega patch: CNN
not commenting on the EULA - I read it and I didn't see anything that said MS could install software on my machine - How come MS gets slammed for releasing 'one in another series of patches', but when KDE or Moz or Apache or releases a timely patch to fix security issues, they are applauded? (And don't give me @!#$ about them not releasing patches, what the hell do you think all those little numbers after the '.' are?)
Re: Microsoft releases yet another mega patch: CNN
I understand that all software has issues and all release patches, etc. I think the DISTINCTION is the SEVERITY and FREQUENCY. are you telling me you dont think Microsoft seems to have more of a security problem with IIS than Apache has (using this as a for instance because you brought up apache?)
In fact in the last 5-6 years that I have used Apache EXTENSIVELY, I can recall about THREE SECURITY RELATED ISSUES that affected my installation. Yes they have had patches from time to time and are not still using version 0.1 (as you so aptly point out) but the patches are few and far between and MOST are not COMPLETE REMOTE TAKEOVER OR EXECUTION OF ARBITRARY CODE, etc.
Microsoft has had more issues with IIS than that in the last 5-6 WEEKS.
This is not stuff that just comes from some lame ass bias. Thats just not the case. When issues arise with open source software they are posted here as well. They simply dont have as many issues.
I used to administer a network of several hundred Windows NT servers in several states. The network used NT for application servers (Exchange, Citrix, custom apps) and network services (DNS, MS Proxy Server, IIS, etc). At that same time I had a FEW projects that used AIX with Apache for similar functions to the NT/IIS boxes. I speak from experience when I say that the frequency and severity of Microsoft patches are RIDICULOUS.
Are you implying that Microsoft products are no more prone to security issues and hence patches than open source products? If that is your position then you are flat out wrong. Yeah they all have issues, but the commercial vendors who spout how great their security is all the time and yet have products that suck and CONSTANTLY have exploits and patches have EARNED the extra attention and consternation they get.
Microsoft has a problem with security, even they acknowlege it, its too bad you cant. You should demand better.