Wost Case Scenario-Microsoft Update

By design or accident, one of these updates is really some horrible virus?
How do we know a disgruntled insider couldn't do it?

Joe

In article <v9a9b.5065$VS2.4785@pd7tw1no>,
says...
> By design or accident, one of these updates is really some horrible virus?
> How do we know a disgruntled insider couldn't do it?
>
>
>


We don't.




--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg

well, as in any corporation there are multiple levels of management and
approval. the code is always triple-checked in other words befoure it
is given the ok to be released.. the only thing that i think could
happen (in theroy) is if someone exploited the server(s) which host the
updates and drop theirs on there.. as far as i know win2k/xp dosen't
check against md5 values from m$ when updating that way soo...



In <v9a9b.5065$VS2.4785@pd7tw1no> Joe wrote:
> By design or accident, one of these updates is really some horrible
> virus? How do we know a disgruntled insider couldn't do it?
>
>
>

flytnx

flytnx <> wrote in
news:20030915000426734-:

> well, as in any corporation there are multiple levels of management
> and approval. the code is always triple-checked in other words
> befoure it is given the ok to be released.. the only thing that i
> think could happen (in theroy) is if someone exploited the server(s)
> which host the updates and drop theirs on there.. as far as i know
> win2k/xp dosen't check against md5 values from m$ when updating that
> way soo...

If this were the case (code triple-checked), why do Microsoft release
code that has vulnerabilities? Not to start a war, but I think your
reasoning that any software released by Microsoft is even checked once
seems a little far-fetched.

Yes, I agree that most corporations have an approval path that includes
QA, but since Microsoft's products operate on so many different systems,
even quite unique systems, the likelihood that they have spent any time
checking either the original code or any subsequent patches on more than
a base unit is rather nil, IMO. Microsoft have a less-than-stellar
track record when it comes to producing bug-free software, so the
possibility of an insider inserting a trojan into an otherwise working
patch doesn't seem very far off the mark.

n1pop@hotmail.com

wrote:
> [...]
> Microsoft have a less-than-stellar track record when it comes to
> producing bug-free software, so the possibility of an insider
> inserting a trojan into an otherwise working patch doesn't seem
> very far off the mark.

Is everybody missing the obvious?
I think the biggest risk is not a trojan, or a nasty bug, but rather
Microsoft releasing a patch to, say, fix this or that buffer overflow
error, and deciding that customer convenience will also be enhanced by
code to track downloads and phone home to MS with the info.

To my mind, that's the most likely scenario: MS deliberately inserting
spyware or somesuch into a patch without any hint of it in the
description.


My two cents,

--
Willondon

Willondon

> Willondon scribbled:
> wrote:
>> [...]
>> Microsoft have a less-than-stellar track record when it comes to
>> producing bug-free software, so the possibility of an insider
>> inserting a trojan into an otherwise working patch doesn't seem
>> very far off the mark.

> Is everybody missing the obvious?

What, that believing Microsoft is out to get you one way or the other
needs to be believed by this forum?
You should try participating it
alt.conspiracy.Microsoft.secret_code_the_evidence.
I have just set it up especially for you.....
Enjoy......

snip.....
--
mlvburke@#%&*.net.nz
Replace the obvious with paradise to email me.
See Found Images at:
http://homepages.paradise.net.nz/~mlvburke

Max Burke