Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: MS are doing Windows Updates for XP to IE7
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 30 Oct 2006 12:48:13 +1300

Valdis.Kletnieks () vt edu to Charles Hamby:

It seems to me that all you need to do is set Automatic Updates to tell you
when new patches are ready and then tell it to ignore IE7 if you don't want it.

Well, yes, if you are (a) clued and (b) know it's coming. If you've got it
set to download-and-install at 3AM every Wednesday morning, you may be in for
a surprise....

If you're _NOT_ clued enough to know better then you "deserve" the 
automatic, silent IE 7 "upgrade".

MS got this right.  True, it took about six years of nearly everyone 
with any clue outside MS beating the snot out of MS each time there was 
a massive "whoopsie" due to the fact they did not have something like 
this capabaility, or did but it was not the configured default, but 
eventually even MS came to see that it should not be responsible for 
allowing those too stupid to not know any better to keep shooting off 
both their feet each time there was an ItW exploit for an "old" Windows 
remote arbitrary code exploit.

_AND_, the world has been a better (still far from perfect, but better) 
place since SP2 started to roll-out and change default WU configs to 
the then-new default of "auto-download and install".

If you're too stupid to know to change it, it is precisely the kind of 
thing you need _and_ the rest of the world should be thankful for.


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]