From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: MS-02-052

> Does anybody else find it disturbing that today's JVM patch can only
> be installed through Windows Update, ...

Yes.

And, as a more general point, it is most frustrating for those who 
have to admin (or oversee the admin of) Losedows boxes but who have 
the option themselves of either not running the MS bug-fest known as 
Internet Explorer and/or don't run Losedows themselves that MS takes 
this and similar Losedows-centric approaches to patch availability.

It seems that part of "Trustworthy Computing" is that what makes 
sense and is useful to those who actually try to practice it in 
their day to day endeavours is not taken into account.  MS should 
make full "network install" kits for all downloadable upgrades, 
service packs, etc and should make them readily available from an 
easily accessible location and make them obtainable with any 
minimally functional "browser" (even wget).  Failure to do this (or, 
at least to make the locations of such things damned hard to find 
when they are available) shows just how much MS really cares for your 
security -- it seems MS cares enough about it that MS would rather 
save some of its plentitude of dimes by reducing their bandwidth 
charges...

> ... and the Windows Update site now
> attempts to install an unsigned control
> (http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.cab)
> after informing the user to "click Yes on any Security Warnings that
> pop up"?

8-)

What can we say?

You _are_ talking about Microsoft...


Regards,

Nick FitzGerald
