
RE: [Full-Disclosure] The new Microsoft math: 1 patch for 14 vulnerabilities, MS04-011



 

> -----Original Message-----
> From: Ron DuFresne [mailto:dufresne@xxxxxxxxxxxxx] 
> Sent: Wednesday, April 14, 2004 2:41 PM
> To: Tremaine Lea
> Cc: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: RE: [Full-Disclosure] The new Microsoft math: 1 
> patch for 14 vulnerabilities, MS04-011
> 
> 
> 
>       [SNIP]
> 
> >
> > This merely begs the question, why do they not then release the 
> > patches as both?  A single "patch'em all" one for single users and 
> > those who can afford to implement patches this way, and a broken out 
> > set of the patch that can be more thoroughly tested in larger scale 
> > environments where the big patch solution doesn't work.
> >
> 
> 
> a major contributing factor is dependencies, and as others 
> pointed out we are seeing more and more of that in the linux 
> desktop realm as well, and even in the other major unix 
> vendor realms too.  you can't often fix one little .exe or 
> .com file in an env whence the browser acts as the kernel 
> which acts as the shell which acts as an individual 
> application that replaces 20 applications once produced by 
> various vendors now bought out and sucked into the core 
> OS...but, redhat already is the 'windows' of the linux world 
> and suse is not far behind if it remains so now.
> 
> 
> Thanks,
> 
> Ron DuFresne


In cases such as you describe, obviously a single patch is preferred.  I was
referring more to instances where there are numerous fixes included in a
single patch that could as easily be made available as individual patches.

While I'm a self-confessed linux fan, we also have our share of exploits and
users who don't maintain a reasonable level of security on their systems.  I
know a large number of linux users who don't subscribe to the mailing lists
for their distro and so are often unaware of a problem until I bring it up
in casual conversation ;)  Users are users, and while I like to think that
linux users tend to be more Clued (tm) than Windows users... There are
plenty of glaring exceptions.

Cheers,

Tremaine

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html