Date: Fri, 25 Aug 2006 16:13:15 +0100
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft product vs Microsoft patch

On 8/25/06, John Dietz <www.whitewolf@...il.com> wrote:
> Please correct me if I am wrong but I believe the numbers n3td3v is
> looking for is how much code size the patches ADD to the system, not
> the actual size of the patches themselves.  Though I tend to agree
> that it doesn't really prove anything, I have to admit I myself am
> quite curious about these figures and someone with the time and
> resources available should have no problem compiling these figures.
> All you would have to do is take a base install of Windows, say Win.
> 2K SP0, do a clean install on a freshly formatted HDD, run disk
> cleanup, or what ever tool is your favorite, to get rid of any stray
> bloat installer files, and then examine the dist and record disk usage
> to get your baseline.  Then apply all service packs (DO NOT ARCHIVE)
> and updates to the system to get the system completely up to date and
> run your disk cleanup utility again and then record the difference in
> disk usage.  You might also want to do the same with Win XP.  My
> suspicion is it probably isn't near as large of a size difference as
> some might think.  If I had the time, I would do this myself, but I
> would be interested in the data if anyone out there feels like taking
> on this task.
>
> Cheers,
>
> John

Thank you for your public support John, lots of people want this
information published too. My inbox off list is full of people willing
to help. Thank you for your kind words. Valdis is just a bully because
he has years more experience than I do so he can win little FD
discussions with his technical knowledge :)


> On 8/24/06, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
> > On Thu, 24 Aug 2006 20:14:03 BST, n3td3v said:
> >
> > > I believe for their operating system and their web browser Microsoft patches
> > > take up half or all the original size of the Microsoft product.
> >
> > So? What's that actually *prove*?
> >
> > > I don't have the resources to carry out this study on my own, and I know
> > > some folks do have those resources to release such information to the
> > > security community.
> > >
> > > We need this information to be published professionally so it's suitable for
> > > media outlet consumption.
> >
> > No, you don't.

Hello Valdis, can you read some (non-technical) political spin I made
here: http://news.com.com/5208-7350-0.html?forumID=1&threadID=20565&messageID=177818&start=-1
it helps you understand what's going on :) I can't be arsed copy &
pasting it here so yeah click on the link! cheers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
