Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [in] Re: IE is just as safe as FireFox
From: "joe" <mvp () joeware net>
Date: Mon, 15 Nov 2004 13:37:13 -0500

I think that this corporate policy will have far more impact on your company
than on Microsoft. As more and more people and companies deploy XP2, it
makes me wonder if you should just consider leaving the Microsoft market

As to why it isn't on Windows Update... I would guess that is because not
everyone is running your software or software that is impacted by what you
are complaining about. I have been running XP2 on several machines for some
time now and have no issues with it on them. My work laptop isn't running
XP2 but that is simply because I am waiting for the corporate go ahead once
they finish regression testing all apps. I have a virtual machine on the
laptop running XP2 that I have been testing it with the corporate network
and everything seems to be fine there. 

My question would be, did your app break only on the final release or did
you guys just ignore the public beta figuring you didn't need to test your
product because it was, IYO, MS's responsibility to make sure you worked
after the update? Does your company as a whole feel attempts at securing
machines shouldn't be attempted by Microsoft? I am curious what this says
about your company's take on security is.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Gregory Gilliss
Sent: Sunday, November 14, 2004 12:39 PM
To: full-disclosure () lists netsys com
Subject: Re: [in] Re: [Full-disclosure] IE is just as safe as FireFox

One comment about XP2 - the company where I work (which produces security
networking appliances) has a corporate policy - we do not support XP2. Sales
hates this (because all the numbnuts out there are pulling SP2 down with
autoupdate and they have no clue what they have brought upon themselves) but
since M$ was so idiotic as to disable the network functionality that allows
reverse proxies to function properly (and I'm not talking about Juniper's
back door where they pipe things straight through) it basically makes my
company's (and every other company's) product break.

The really dumb part is that M$ has a patch for their misdeeds and a
knowledge base article and everything - but it's not incoroporated into
autoupdate. Wonder why they would not include that fix for SP2 in
autoupdate? Maybe they *want* to break other company's products?
Nah ... <G>


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]