Politech mailing list archives

More on "If you use Windows, remember to patch your PC"


From: Declan McCullagh <declan () well com>
Date: Thu, 19 Feb 2004 00:00:39 -0500

[I think these criticisms are well-taken. Politech isn't really a great place to distribute info on The Embarrassing But Painfully Important Microsoft Security Flaw Of The Day. There are better fora for that. But if I do send out such an alert, I should include more info. Lesson learned! --Declan]

---

From: dan () geer org
To: Declan McCullagh <declan () well com>
cc: dan () geer org
Subject: Re: [Politech] If you use Microsoft Windows, remember to patch your PC
In-reply-to: Your message of "Thu, 12 Feb 2004 01:00:20 EST."
             <6.0.0.22.2.20040212004238.02a67aa0 () mail well com>
Date: Thu, 12 Feb 2004 10:53:20 -0500

Don't you think that there is some irony in
>   You must use Microsoft Explorer to install it.
where the implication is that IE has an angle
on local machine control that represents a level
of tight integration with the operating system
that is titularly in violation of the thrust of
the antitrust matter and a working example of
the monoculture risk?

--dan

---

Date: Thu, 12 Feb 2004 14:22:13 +0700
From: emx <emxlists () tstf net>
To: Declan McCullagh <declan () well com>
CC: marc () perkel com
Subject: Re: [Politech] If you use Microsoft Windows, remember to patch your PC

What's the point of this on politech?

It is useless, inaccurate, vague and ... completely unrelated to politech
topics

if the author is referring to the latest vulnerability discovered by
eEye and announced on public security mailing list Bugtraq yesterday,
then yes, it's one more vulnerability - but they come at least once a
month so what's the big news? it's just one more day in the computer
security world.

if people need computer security advice, they can refer to the
appropriate forums. there is nothing more harmful than security
advice delivered by people without security knowledge. would you take
a particular prescription medicine if your pal who never studied
medicine told you to do it?

---

Date: Thu, 12 Feb 2004 10:57:21 -0500 (EST)
From: Jim Huggins <jhuggins () kettering edu>
To: Declan McCullagh <declan () well com>
Subject: Re: [Politech] If you use Microsoft Windows, remember to patch your
 PC

Let me say right off the bat that this is a legitimate warning, and I'm
sure that Marc Perkel is an honorable, knowledgeable person.  (I've never
met Marc, of course, but I have no reason to doubt that.)

Still, I noticed in myself over the last week as I was patching my systems
a certain apathy in my attitude towards the patch.  Sure, every major
media outlet (not to mention all of my mailing lists) seems to be warning
me to patch my systems.  But I've heard this warning *so many times* that
my reaction now is more along the lines of "yeah, yeah, heard it all
before, stupid MS-Windows patch, I'll do it when I darn well feel like
it".  Microsoft has cried "Patch Me!" so many times that I feel a little
like the villagers listening to the boy crying "Wolf!", wondering when I
should really care and when I shouldn't.

I wonder if anyone else is feeling that same level of apathy developing,
or seeing it develop in others.

I also wonder about the nature of our warnings.  While I can understand
the desire to explain the problems in a non-technical manner, I fear we
can go too far in that regard.  For example, Marc said in his message:

        > Virus Warning for Windows Users - Very Serious

        > Microsoft has yet another very serious security flaw that gives
        > anyone with the right know how total access to your computer. I
        > don't know all the details - but it might be the biggest one
        > yet. If you remember the SoBig and Code Red viruses last fall -
        > this one will be similar

My first reaction on seeing this was to say "gee, yet another urban legend
... unverifiable source, no details, vague threats of harm, requests to
post as many places as possible."  I've spent a lot of time educating my
friends on the nature of urban legends ... I'd hate for them to start
ignoring legitimate warnings because they look like urban legends.

Just my $.02.

--Jim Huggins

---

Date: Fri, 13 Feb 2004 22:35:52 -0500 (EST)
Subject: Re: [Politech] If you use Microsoft Windows,
      remember to patch your PC
From: "White, Matt" <mattw () cotse net>
To: "Declan McCullagh" <declan () well com>
Reply-To: mattw () cotse net

This type of non-substantive "virus" warning is not useful and will only
cause confusion.  There is no "virus" at this time; a security hole was
discovered and patched, that is all.

I enjoy the privacy/technology news that you pull together in Politech but
this type of warning is not helpful or needed.  There isn't even a link to
Microsoft's security bulletin or a notice from SecurityFocus.

Matt

---

Date: Fri, 13 Feb 2004 02:11:47 +0100
From: chefren <chefren () pi net>
To: Declan McCullagh <declan () well com>
Subject: Re: [Politech] If you use Microsoft Windows, remember to patch your


On 02/12/04 07:00, Declan McCullagh wrote:
---
Date: Wed, 11 Feb 2004 10:02:29 -0800
From: Marc Perkel <marc () perkel com>
To: Declan McCullagh <declan () well com>
Subject: Yet another Microsoft Security Flaw

"Relax" there are numerous flaws, not just one.

http://www.eeye.com/html/Research/Upcoming/index.html

That's just one list of one company, look with Google for "Cuartango" or "Guninski" or combinations with eEye to find others.

Please stop thinking and publishing about patching your MS OS and buying
clueless anti-virus stuff that by default is too late for serious
threats that =exist=.

With MS software you prove every day again and again that you don't take
the data on your computer as wired to the Internet seriously. Data sent to
you by friends and business relations fully exposed by you to any bad guy who really wants it.

+++chefren

---

Date: Thu, 12 Feb 2004 07:08:15 -0600
From: Jim Smilanich <jsmilan () tiny net>
Reply-To: jsmilan () visi com
Subject: [Fwd: [Politech] If you use Microsoft Windows, remember to patch
 your PC]


All;

Here is the link to the original report for this particular bug for those of you who aren't as anal as I am about following security announcements.
http://www.eeye.com/html/Research/Advisories/AD20040210.html

Note that the security company reported the problem over 6 MONTHS ago.
Worse, this particular bug is a trivial one to test for and patch. In the opinion of one well respected computer security researcher, Microsoft was "inexcusably negligent" in taking so long to repair the problem.

This one will be trivial for the hackers to exploit. We will see exploits in the wild very quickly. Please visit

http://windowsupdate.microsoft.com

and update the Critical patches as soon as possible.


Thanks,

Jim


_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

