Re: Security in different XP versions - breaking news

From: Fuzzy Logic (bob_at_arc.ab.caREMOVETHIS)
Date: 09/23/04 

Date: Thu, 23 Sep 2004 12:23:36 -0700

"Fr. Gregory Hallam" <orthnospam@clara.net> wrote in
news:e8kYWqZoEHA.516@TK2MSFTNGP09.phx.gbl:

> Fuzzy Logic wrote:
>> "Fr. Gregory Hallam" <orthnospam@clara.net> wrote in
>> news:OKoeZkYoEHA.556 @tk2msftngp13.phx.gbl:
>>
>>
>>>Now that MS has announced that it will only protect XP SP2 browsers
>>>.... see here ...
>>>
>>>http://news.zdnet.com/2100-3513_22-5378366.html
>>>
>>>.... will it only be SP2 that delivers the fixes or the humble "old"
>>>original XP Home as well for users such as myself who don't want to
>>>upgrade to SP2?
>>
>>
>> Also here:
>>
>> http://news.com.com/2102-1032_3-5378366.html
>>
>> I think the sidebar from the above link with this quote pretty much
>> sums it up:
>>
>> "Should Ford have gone back and retrofitted every Pinto with anti-lock
>> brakes when the technology came out? Should OnStar be available for
>> 1989 Dodge Aries K cars? If you want the new technology, you have to
>> stay current with the new products."
>> --unknown
>>
>> Note there are third party solutions. Avant offers a nice shell that
>> offers pop-up blocking, tabbed browsing and many other security and
>> user enhancements. Many people will say just use Firefox.
>>
>
> Dear Fuzzy Logic
>
> My policy is always, where prudent, to keep my OS uptodate. However,
> SP1 and to a greater extent SP2 introduced features and issues that I
> just don't want or need. This is especially the case with SP2 where MS
> seems to have made a judgement that if the pack breaks some other
> software; well, too bad.

There are lots of situations where 'upgrades' get you things you don't
want. If you've ever bought a new vehicle you know it can be quite
infuriating when, for example, you to have to get the heated seats with
the sunroof when you really only want the sunroof.

I also work with VMS systems and the situation for various patches is no
different. Occaisionally a patch breaks another product and we need to get
an update from another vendor (generally free) to correct the problem the
patch created. You cannot realistically expect the makers of the OS to
test for every possible piece (and version) of software that may run on
their systems.

> Software companies make money through the upgrade cycle. Why should I
> upgrade an OS that forces me to upgrade other software when I can get
> the really crucial security patches from the Windows Update site
> separately? In SP2 is, in effect, a new OS (as some have said and
> weighing in at nearly 80Mb that seems to be the case) why are MS using
> the vulnerabilities of their own software as a stick to beat their
> customers back into the upgrade merry go round? Do I have confidence
> that SP2 is staying one step ahead of the game in the battle for
> security? That has been a promise made and broken before. Meanwhile
> the hapless consumer keeps on throwing good money after sub-standard
> products. If we were getting a new IE browser rather than a patchworked
> quilted old browser, I might be persuaded. I am not. MS and the other
> software companies might make more money if it followed through on
> licensing software rather than outright selling it.

Microsoft doesn't sell their software. They sell you a license to use
their software.
 
> My original question remains unanswered though.
>
> Will regular non-service-packed XP users be able to download patches (as
> hitherto) separately from the Update site or will they HAVE to upgrade
> to SP2 (with all the attendant problems) to get them?
>
> This is a binary answerable question.

I can't really answer for Microsoft but I suspect the answer is, it
depends. Some new patches will require features that were added in
previous service packs and won't be available unless you have the required
components.

Relevant Pages

  • Re: To Anyone who has Internet Explorer Installed or any other browser (Everybody)
    ... > Try and imagine if MS required a full upgrade each time ANY flaw ... vulnerability you listed above includes patches for versions of IE ... But hey...might as well make this post into "Big bad Microsoft", ...
    (alt.computer.security)
  • Re: Bad sectors... how bad?
    ... > complexity contains bugs and software written to fix bugs will contain ... >> and the $100 upgrade is that the upgrade looks for previous installs. ... online to fully update all the patches. ... > So when a vulnerability is found you want to remain vulnerable for 6 ...
    (alt.comp.hardware.pc-homebuilt)
  • Re: Estimate on how much money weve saved because of .Net
    ... you truly have no other choice but to re-write. ... giving them a viable upgrade path), whether they needed to or not. ... Old technology dies, new technology ... keep in mind that it's at the expense of their developers. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Bad sectors... how bad?
    ... > Dude, linux is free, if MS want's to start giving away their OS's I'll ... >>> and the $100 upgrade is that the upgrade looks for previous installs. ... > online to fully update all the patches. ... >> So when a vulnerability is found you want to remain vulnerable for 6 ...
    (alt.comp.hardware.pc-homebuilt)
  • A NEW INTERNET IS COMING! - Web 2.0 Full Internet Upgrade -
    ... I found this new FULL INTERNET UPGRADE technology that is about to ... We have members from all over the world. ...
    (rec.photo.digital)