[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3AD1F04EDB516C4097168A9C08CFFEE60A8BFFA6@shawmail03.shaw.ca>
From: tremaine.lea at sjrb.ca (Tremaine Lea)
Subject: The new Microsoft math: 1 patch for 14 vul
nerabilities, MS04-011
> -----Original Message-----
> From: Ron DuFresne [mailto:dufresne@...ternet.com]
> Sent: Wednesday, April 14, 2004 2:41 PM
> To: Tremaine Lea
> Cc: full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] The new Microsoft math: 1
> patch for 14 vul nerabilities, MS04-011
>
>
>
> [SNIP]
>
> >
> > This merely begs the question, why do they not then release the
> > patches as both? A single "patch'em all" one for single users and
> > those who can afford to implement patches this way, and a
> broken out
> > set of the patch that can be more thoroughly tested in larger scale
> > environments where the big patch solution doesn't work.
> >
>
>
> a major contributing factor is dependencies, and as others
> pointed out we are seeing more and more of that in the linux
> desktop realm as well, and even in the other major unix
> vendor realms too. you can't often fix one little .exe or
> .com file iin an env whence the browser acts as the kernel
> which acts as then shell which acts as an individual
> applicaton that replaces 20 applications once produced by
> various vendors now bought out and sucked into the core
> OS...but, redhat already is the 'windows' of the linux world
> and suse is not far behind if it remains so now.
>
>
> Thanks,
>
> Ron DuFresne
In cases such as you describe, obviously a single patch is preferred. I was
referring more to instances where there are numerous fixes included in a
single patch that could as easily be made available as individual patches.
While I'm a self confessed linux fan, we also have our share of exploits and
users who don't maintain a reasonable level of security on their systems. I
know a large number of linux users who don't subscribe to the mailing lists
for their distro and so are often unaware of a problem until I bring it up
in casual conversation ;) Users are users, and while I like to think that
linux users tend to be more Clued (tm) than Windows users... There are
plenty of glaring exceptions.
Cheers,
Tremaine
Powered by blists - more mailing lists