Re: [Full-Disclosure] lame bitching about xpsp2

[Maarten <fulldisc@xxxxxxxxxxxx>]

On Saturday 14 August 2004 22:00, Niek Baakman wrote:
> devis said the following on 8/13/2004 8:01 PM GMT+2:

>
> MS web server full of damn holes? What about apache ?
> What do you think would happen if you do not update your apache for a year,
> or openssh, or any piece of software ?
> What do you think would happen if you did not apply those MaxOSX updates
> which Apple released over the past few months?
> Don't talk about releaking and only mention Microsoft.
> There are opensource programs which have the same track record.

A)  Apache has a way better track record than IIS.  Jeez, it's not even in the 
same ballpark...
B)  Apache does not run in kernelspace. IIS does. Therefore, an apache exploit 
yields unprivileged user access. IIS on the other hand yields full compromise

Oh, and as an aside:  patching often is indeed neccessary, on all platforms.  
But at least MY vendor doesn't take several _months_ to provide such a patch.
Unlike some other vendor we all know.

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html