Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Microsoft Security, baby steps ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 17 Mar 2004 15:15:31 +1300

Troy <th () zeno com> wrote:

Actually, that CD only includes the updates as of October 2003. It is
not meant as a replacement for security updates, but just to make it
easier to do a clean install of Windows. I suppose part of it is to
lessen the load on Microsoft's Windows Updates servers, ...

Perhaps, but I doubt it...  I can't see the bandwidth costs (at the 
relatively high discount rate MS must get for all its bandwidth) of the 
necessary downloads for all those unpatched users who order this CD 
outweighing the P&P for fulfilling the CD orders.

I think MS has finally realized that while dial-up users are not at all 
likely to get the large security updates (IE version upgrades, OS 
service packs), they can be significant combined part in the overall 
problem of unpatched machines.  This is the easy way for such users to 
"catch up" (it's just a pity that there is such a huge lag between MS 
freezing the disk's contents and pressing and shipping it -- for moost 
Xp users it will arrive about a wek before they face downloading SP2 
and that is likely to be around 150MB I hear...).

... but it does make
re-installing Windows much easier and faster for the average user who
does not know how to slipstream the updates into the Windows install CD.

That is an additional benefit, but I suspect not the main concern...


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]