[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0H2P00JHZCZUC3@smtp1.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: MS-02-052
> Does anybody else find it disturbing that today's JVM patch can only
> be installed through Windows Update, ...
Yes.
And, as a more general point, it is most frustrating for those who
have to admin (or oversee the admin of) Losedows boxes but who have
the option themselves of either not running the MS bug-fest known as
Internet Explorer and/or don't run Losedows themselves that MS takes
this and similar Losedows-centric approaches to patch availability.
It seems that part of "Trustworthy Computing" is that what makes
sense and is useful to those who actually try to practice it in
their day to day endeavours is not taken into account. MS should
make full "network install" kits for all downloadable upgrades,
service packs, etc and should make them readily available from an
easily accessible location and make them obtainable with any
minimally functional "browser" (even wget). Failure to do this (or,
at least to make the locations of such things damned hard to find
when they available) shows just how much MS really cares for your
security -- it seems MS cares enough about it that MS would rather
save some of its plentitude of dimes by reducing their bandwidth
charges...
> ... and the Windows Update site now
> attempts to install an unsigned control
> (http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.cab)
> after informing the user to "click Yes on any Security Warnings that
> pop up"?
8-)
What can we say?
You _are_ talking about Microsoft...
Regards,
Nick FitzGerald
Powered by blists - more mailing lists