-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of xtrecate
Ultimately what difference to an end user does it make if the
applications
are broken by a service pack install or a virus?
None at all. But the user has control over installing service packs.
And the
user should have read the warnings BEFORE installing it, not after
they discover
something is broken.
I think the update
provides some long needed changes to the fundamental
operation of Windows,
however if Microsoft knew of the potential problems via RC2
testing, I'd
have thought they'd do a little more to rectify those
problems than simply
releasing and disclaiming.
Most of those problems are a result of a very simple problem. For
certain
security issues, it is possible to remain compatible with old,
generally poorly
written code, or to fix the security problem, but not both. There are
some
security issues that simply could not be fixed without creating
compatibility
issues. The data execution issue is one clear example; making blocks
of memory
allocated for data non-executable is a very effective way of
preventing buffer
overrun exploits from executing arbitrary code. The downside is that
software
(such as DivX) that intentionally tries to execute data won't work
anymore.
Given the choice between a secure system and a few badly written
programs, I'd
rather take the secure system and let the developers of those few
programs that
don't work due to lazy coding fix their products. Microsoft has in the
past
always taken the route of less security and more compatibility, and I,
for one,
think it's a good thing that their attitude has changed somewhat.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html