, 2004-09-07
Eager to tarnish Microsoft's shiny new Service Pack 2, the security press managed to spin the most thin and marginal issues into "gaping holes" and "security craters."
Expand all |
Post comment
|
Feast of Egos
, 2004-09-07 Eager to tarnish Microsoft's shiny new Service Pack 2, the security press managed to spin the most thin and marginal issues into "gaping holes" and "security craters."
Expand all |
Post comment
|
|
|
Privacy Statement |
Think about it - what was this trying to protect? It's trying to prevent easily dropped files from being easily executed on a system. Introducing a clueless user to the command prompt, and getting him to find a file, and then execute it is no trivial task. This is a functionality that was there before - it is hardly new. If this is a hole, it's a little divot. This "hole" will never make the list of things I'm worried about.
As far as the Security Center vulnerability, go back to the part where code already needed to execute on the system as admin to do this. The "holes" necessary to make this happen are the problems. This is just part of covering tracks, and is a symptom, not a problem.
SP2 is a huge step in the right direction. Nobody claimed it was perfect. It is, however, the first time Microsoft was willing to break applications - piss off vendors and customers alike - in favor of security. For the multitudes of us who have been asking them for something like this, let's be smart and use it. Find the real holes, and address them. Let's keep our eye on the ball here...
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/265/28391#28391