RE: [Full-Disclosure] Bill Gates blames the victim

["Robert Ahnemann" <rahnemann@xxxxxxxxxxxxxxxxxxxxx>]

On Thu, 2003-09-04 at 01:51, Robert Ahnemann wrote:
> >Again, the message is M$ should fix their software.  Trying to
automate
> >the patch cycle without the permission of the user is and still does
> not
> >solve the initial problem.
> 
> Good point, but my emphasis was on people obtaining the patches in the
> first place.  While yes, they might be unreliable, they at least cover
> the publicized exploit.  When was the last time that a worm was
> extensively spread via an undocumented hole, or even a hole that was
> documented and never patched?  MS is good about fixing what it finds.
> Whether or not those fixes cause further issues which require patching
> is a separate issue.  As long as the patch is ahead of the virus,
where
> does the accountability really fall?
>It's great that you think that way...  So the last I heard, a patch
>eventually caused machines all over the place to shut down
>automatically.  From the way you are gushing about the merits of
>patching, I believe you'll rather that happens than that your machine
>gets hacked, while I believe there is realistically no difference, and
>would rather have the machine up for another day/month.

Its not so much that I like to patch.  I personally have never had a
problem with a patch messing up a system here at work.  I'm sure there
are some cases where there might be conflicts, no doubt.  I think you
might be inflating the severity of the 'problems' with any given patch.
I don't think it's straight to compare a patch problem with something
like Nachia or Blaster.  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html