lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <E8A3392724A75849B7FA030CAF41A748798195@amserv0.affinity-mortgage.com>
From: rahnemann at affinity-mortgage.com (Robert Ahnemann)
Subject: Bill Gates blames the victim

On Thu, 2003-09-04 at 01:51, Robert Ahnemann wrote:
> >Again, the message is M$ should fix their software.  Trying to
automate
> >the patch cycle without the permission of the user is and still does
> not
> >solve the initial problem.
> 
> Good point, but my emphasis was on people obtaining the patches in the
> first place.  While yes, they might be unreliable, they at least cover
> the publicized exploit.  When was the last time that a worm was
> extensively spread via an undocumented hole, or even a hole that was
> documented and never patched?  MS is good about fixing what it finds.
> Whether or not those fixes cause further issues which require patching
> is a separate issue.  As long as the patch is ahead of the virus,
where
> does the accountability really fall?
>It's great that you think that way...  So the last I heard, a patch
>eventually caused machines all over the place to shut down
>automatically.  From the way you are gushing about the merits of
>patching, I believe you'll rather that happens than that your machine
>gets hacked, while I believe there is realistically no difference, and
>would rather have the machine up for another day/month.

Its not so much that I like to patch.  I personally have never had a
problem with a patch messing up a system here at work.  I'm sure there
are some cases where there might be conflicts, no doubt.  I think you
might be inflating the severity of the 'problems' with any given patch.
I don't think it's straight to compare a patch problem with something
like Nachia or Blaster.  


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ