Full Disclosure mailing list archives
Re: Office 2000 Vulnerability
From: "Chris Wanstrath" <chrisw () cinci rr com>
Date: Wed, 10 Sep 2003 13:53:57 -0400
Killing a thief and putting him in jail are two radically different punishments and I think everyone can agree that if a thief steals a typical truck but the brakes are out, the potential unintended loss of human life is too high to simply ignore it and let the problem "solve itself," by means of the thief's death. And as far as applying security patches to pirated versions of Windows XP or Office, it's been my experience that there is no problem. My experience, however, is limited to a friend who lost (probably trashed) all of the literature and disks included with his computer. As a result, he thought it would be easier to burn a pirated copy of XP and use that instead of going out and buying another disk. I'm sure this probably violates his license agreement, but my point is that I know for a fact he never had any problems running the standard Windows Update after completely re-formatting and installing the pirate copy. Same with Office. -- Chris Wanstrath : chrisw () cinci rr com LW Consulting : www.lw-consulting.com -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Rainer Gerhards Sent: Wednesday, September 10, 2003 11:11 AM To: Jason Bethune Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Office 2000 Vulnerability
Yes I have seen pirated copies on clients machines that can have SP1 and SP2 applied but it is tricky and not for the novice user. Once SP1 and Sp2 have been applied it can then be updated fully to all the vulnerabilities. I am sure there are tons of pirated copies floating around that the usual user would not have a clue on how to patch them. Whether it is up to m$ to allow these to be patched is a whole kettle of beans that I will assume they would say if you don't pay for it then $crew you.
We are ourselvs selling software. Thus I know the issue. My point is that this way aren't the hurting the community at large more than the pirates? So they may screw the pirate, but in doing so they screw me, a legitimate customer. I also think this is not an MS-only issue. In fact, I need to think about our own policies in this regard... In the real world, would it be OK if you let a thief crush a truck because you know the brakes are broken but you don't tell him? What about the innocent victims that got hit by the truck? Rainer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Office 2000 Vulnerability Michael De La Cruz (Sep 09)
- Re: Office 2000 Vulnerability Nick FitzGerald (Sep 10)
- Re: Office 2000 Vulnerability Dave Howe (Sep 10)
- Re: Office 2000 Vulnerability Nick FitzGerald (Sep 11)
- Re: Office 2000 Vulnerability Dave Howe (Sep 10)
- <Possible follow-ups>
- RE: Office 2000 Vulnerability Rainer Gerhards (Sep 10)
- RE: Office 2000 Vulnerability Jason Bethune (Sep 10)
- RE: Office 2000 Vulnerability Rainer Gerhards (Sep 10)
- Re: Office 2000 Vulnerability Chris Wanstrath (Sep 10)
- Re: Office 2000 Vulnerability Nick FitzGerald (Sep 10)