× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2003

Re: New M$ vulnerability patch for Windows

The updates bother me because the street talk is that Fixes include various
protection schemes that MS wants installed like their media player spy ware
and phone home ware.  I have also have experienced file extension default
programs being changed, software that is competitive to MS suddenly become
slower or fail all together.   

 
 
---------------------------------------------------------
Booth Martin   http://www.MartinVT.com
Booth@xxxxxxxxxxxx
---------------------------------------------------------
 
-------Original Message-------
 
From: Midrange Systems Technical Discussion
Date: Thursday, September 11, 2003 08:06:36
To: Midrange Systems Technical Discussion
Subject: Re: New M$ vulnerability patch for Windows
 
> I have a theory that if you religously apply the updates and dont open
> attachments, then you cant be hacked and dont need a firewall. I hope
> someone else can prove if that is wrong or not.
That is wrong....email is only one of the methods of delivery, so not
opening
attachments shuts only one door. Yesterday's announcement by MS, indicated
they missed fixing the same general area (RPC) that Blaster got in, and
expected attacks to
start within hours. Not quite like Blaster, where MS claimed it's patch had
been
out for months.
 
btw- I was down a service pack for XP, so I updated yesterday, then went
back and
checked for updates, found fixes for the service pack and security fixes -
and updated, then went back and found several more security fixes. They seem
not to have mastered "supercede" like
our iSeries ptf's, so loading one set of fixes can trigger more required
fixes needed the very next time into Windows Update.
 
Also, when doing Windows Update, they have the "Critical Fixes", and the
there can be more
security fixes under your OS (Windows XP fixes for me), and more fixes under
Office Products, including many more security fixes.
 
Steve, of top of my head - outside of attachments:
any compromised website can do a scripting attack, plant trojans, etc. How
do you tell the diff between a marketing program and a trojan?
Port scanning will lead to direct attacks thru socket programs.
Word docs, Excel, etc from customers, co-workers may be infected and can
launch.
And it doesn't take an attachment for email to launch.
I'm on dsl, and use zone alarm pro. All day long it is blinking, blocking
the port scans.
 
jim
 
----- Original Message -----
From: "Steve Richter" <srichter@xxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, September 11, 2003 8:11 AM
Subject: RE: New M$ vulnerability patch for Windows
 
 
> I use windows automatic update, which for reasons I cant explain is not
> always automatic. So every week I visit the windows update site and
> download all the w2k updates. So far I have not been burned by any faulty
> updates.
>
> I have a theory that if you religously apply the updates and dont open
> attachments, then you cant be hacked and dont need a firewall. I hope
> someone else can prove if that is wrong or not.
>
> -Steve

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.