Posted by Kerry Brown on January 7, 2006, 10:49 am
Saucy Lemon wrote:
> cquirke (MVP Windows shell/user) wrote:
>> On Thu, 5 Jan 2006 21:33:29 -0000, "Stephen Howe"
>>
>>> I know that you are a MS MVP. That does not mean that you
>>> HAVE TO only provide Microsoft based solutions. If someone
>>> has a problem, and it is security related, please supply the
>>> BEST solution and not just a Microsoft solution.
>>
>> Speaking as an MVP you were prolly not replying to, I'd assert
>> that's what I do, and what many (if not most) MVPs do. In my case,
>> I've always advocated Eudora rather than MSware as a safer email
>> solution, as part of risk managements that go beyond what MS have
>> thought of or embraced.
>>
>> When it comes to 3rd-party patches, a lot of the worry is in terms of
>> whether the patch really is the one you thought you were getting. We
>> advocate against accepting patches via email or downloaded from
>> arbitrary sites, whether these purport to be from MS or not.
>>
>> In the case of the original (3rd-party) WMF patch, access has been
>> complicated by the original "blog" URL dying due to traffic, and thus
>> the need to use alternate links. What links? How did you find them?
>> Are they really to the patch, or some malware opportunist?
>>
>> Having said all that, the patch itself looks good (I used it) but we
>> are talking about the first item from a vendor we haven't dealt with
>> before. As a vendor, MS has a track record long enough to demonstrate
>> they aren't perfect (e.g. the '711 patch debacle) but also long
>> enough to quantify the likelihood of risk. With an unknown vendor,
>> that risk is unquantified, though adoption by respected bodies bodes
>> well. Right now, I'm walking the walk that I would advise against; I
>> installed the MS patch on top of the original one, ran around a bit
>> (shallow testing, unchallenged by exploits) and then uninstalled the
>> 3rd-party patch. SF, SG, but obviously I'd advise uninstalling the
>> original patch before installing the MS one.
>>
>
> I balked at the idea of installing that patch. Yes, I did go around
> un-registering and renaming the DLL file, but I did not install that
> "saviour from out-of-the-blue who are you" patch. If Windows needs a
> patch, I let Microsoft do it - it's their baby.

And installing anti-virus apps, anti-malware apps, or drivers from unknown
hardware manufacturers is safer? They all hook very deep into Windows and
may alter or replace Microsoft files. The patch came from a known source in
the security field. Many very respected security and programming experts
tested the patch and analysed the source, which was readily available.
Installing it wasn't as risky as installing that web cam driver from some
unknown company with no known means of contact. I find it very funny that
many people who regularly install freeware software and hardware drivers
from whatever they buy without a second thought balked at installing that
patch.
Kerry