lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200406080218.i582ITv26519@netsys.com>
From: randallm at fidmail.com (RandallM)
Subject: RE: Full-Disclosure digest, SP2 Problems


Jelmer made this really neat statement:
 
<|>--__--__--
<|>
<|>Message: 5
<|>Date: Mon, 07 Jun 2004 04:17:28 +0200
<|>From: Jelmer <jkuperus@...net.nl>
<|>Subject: RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary
<|>code
<|> (An analysis of the 180 Solutions Trojan)
<|>To: "'Chris Carlson'" <chris@...pucounts.com>
<|>Cc: full-disclosure@...ts.netsys.com
<|>
<|>I haven't installed SP2 yet since I heard a lot of complaints from people
<|>who claimed it caused instability, it had memory management issues, some
<|>drivers didn't work, security measures a bit too much in your face etc
<|>
<|>But I reviewed the list of changes sometime back and I concur, it looks
<|>very
<|>promising, I think in the near future an IE exploit will be a rare
<|>occurrence as opposed to a bi weekly event
<|>
<|>End of Full-Disclosure Digest

My reply:

I have the sp2 after attending the Security Summit 2004. I loaded this on my
test laptop. Glad I did. I would have been very pissed if I had loaded it on
anything else.

First off, if you have McAfee or Norton you no longer are able to update
using auto. It for sure is for the "home" user. If you're expecting
something that you can have a little more control over this is not for you.
One thing that I was afraid of and concerned me due to my mobile users was
the ability to use VPN. It works well and does give you options to select
services for each connection you use.
It did not recognize my virus program being loaded nor give me the option to
point to it. I think that's due to the McAfee incompatibility in someway

I did look for a fix and found this but haven't tried it yet:
______________
The McAfee framework issue is solved easily.
Administrative Tools
Component Service
DCOM conf
Framework service
Right-click -> properties
Set the launch and access permission to Default
Restart pc. McAfee will update properly.
Seems to be an error in the McAfee installer
________________

Then of course there seems to be a slue of areas from web programs to a
warning from Microsoft "that SP2 will break and disrupt existing
applications unless specific code rewrites are made at the developer end".
http://www.internetnews.com/ent-news/article.php/3322381 

I'll test the above for McAfee fix and see if that works.

Randall M


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ