Dailydave mailing list archives
Re: Fwd: RE: We have the enemy, and the enemy is... you
From: Matt <matt () use net>
Date: Fri, 14 Apr 2006 10:16:39 -0700 (PDT)
On Thu, 13 Apr 2006, Alexander Sotirov wrote:
Olef Anderson wrote:Stop with that please! so you are telling me that your 10 person team (an optimistic estimate) will do a better job in hooking vulnerable functions on runtime in order to prevent exploitation and will do a safer and better job than a MS hotfix (which is backed by probably the world's biggest QA department) ?Yes. Microsoft patches usually break 3rd party apps because they disable insecure functionality or add other security enhancements, like tightening permissions or introducing extra authentication checks.
I personally wasn't impressed with Microsoft's inability to patch the even the majority of the RPCRT4.DLL exploitable overflows within the first month of the Blaster worm (and its variants) being active. BugScan detected 35 or so exploitable bugs, only 10 of which were fixed in the first patch. The second patch with about 10 more. XP SP2 and Win2003 SP1 silently fixed a few others. It still doesn't make sense to me because in almost every instance, it looked like literally the same exploitable code that had been copied and pasted many times. I'm not saying I believe in HIPS -- which is utterly bogus, in my opinion -- just disagreeing on MS' ability to patch/test their patches. This is a great thread, btw! :) -- tangled strands of DNA explain the way that I behave. http://www.clock.org/~matt
Current thread:
- RE: We have the enemy, and the enemy is... you Sandy Wilbourn (Apr 13)
- <Possible follow-ups>
- Fwd: RE: We have the enemy, and the enemy is... you Olef Anderson (Apr 13)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Alexander Sotirov (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Matt (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you H D Moore (Apr 14)
- RE: Fwd: RE: We have the enemy, and the enemy is... you Dave Korn (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Chris Wysopal (Apr 14)
- RE: RE: We have the enemy, and the enemy is... you Paul Melson (Apr 14)
- RE: RE: We have the enemy, and the enemy is... you Andrew R. Reiter (Apr 14)
- Re: Fwd: RE: We have the enemy, and the enemy is... you Alexander Sotirov (Apr 14)