Wost Case Scenario-Microsoft Update

Discussion in 'Computer Security' started by Joe, Sep 15, 2003.

  1. Joe

    Joe Guest

    By design or accident, one of these updates is really some horrible virus?
    How do we know a disgruntled insider couldn't do it?
    Joe, Sep 15, 2003
    #1
    1. Advertising

  2. In article <v9a9b.5065$VS2.4785@pd7tw1no>,
    says...
    > By design or accident, one of these updates is really some horrible virus?
    > How do we know a disgruntled insider couldn't do it?
    >
    >
    >



    We don't.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Sep 15, 2003
    #2
    1. Advertising

  3. Joe

    flytnx Guest

    well, as in any corporation there are multiple levels of management and
    approval. the code is always triple-checked in other words befoure it
    is given the ok to be released.. the only thing that i think could
    happen (in theroy) is if someone exploited the server(s) which host the
    updates and drop theirs on there.. as far as i know win2k/xp dosen't
    check against md5 values from m$ when updating that way soo...



    In <v9a9b.5065$VS2.4785@pd7tw1no> Joe wrote:
    > By design or accident, one of these updates is really some horrible
    > virus? How do we know a disgruntled insider couldn't do it?
    >
    >
    >
    flytnx, Sep 15, 2003
    #3
  4. Joe

    Guest

    flytnx <> wrote in
    news::

    > well, as in any corporation there are multiple levels of management
    > and approval. the code is always triple-checked in other words
    > befoure it is given the ok to be released.. the only thing that i
    > think could happen (in theroy) is if someone exploited the server(s)
    > which host the updates and drop theirs on there.. as far as i know
    > win2k/xp dosen't check against md5 values from m$ when updating that
    > way soo...


    If this were the case (code triple-checked), why do Microsoft release
    code that has vulnerabilities? Not to start a war, but I think your
    reasoning that any software released by Microsoft is even checked once
    seems a little far-fetched.

    Yes, I agree that most corporations have an approval path that includes
    QA, but since Microsoft's products operate on so many different systems,
    even quite unique systems, the likelihood that they have spent any time
    checking either the original code or any subsequent patches on more than
    a base unit is rather nil, IMO. Microsoft have a less-than-stellar
    track record when it comes to producing bug-free software, so the
    possibility of an insider inserting a trojan into an otherwise working
    patch doesn't seem very far off the mark.
    , Sep 15, 2003
    #4
  5. Joe

    Willondon Guest

    wrote:
    > [...]
    > Microsoft have a less-than-stellar track record when it comes to
    > producing bug-free software, so the possibility of an insider
    > inserting a trojan into an otherwise working patch doesn't seem
    > very far off the mark.


    Is everybody missing the obvious?
    I think the biggest risk is not a trojan, or a nasty bug, but rather
    Microsoft releasing a patch to, say, fix this or that buffer overflow
    error, and deciding that customer convenience will also be enhanced by
    code to track downloads and phone home to MS with the info.

    To my mind, that's the most likely scenario: MS deliberately inserting
    spyware or somesuch into a patch without any hint of it in the
    description.


    My two cents,

    --
    Willondon
    Willondon, Sep 15, 2003
    #5
  6. Joe

    Max Burke Guest

    > Willondon scribbled:
    > wrote:
    >> [...]
    >> Microsoft have a less-than-stellar track record when it comes to
    >> producing bug-free software, so the possibility of an insider
    >> inserting a trojan into an otherwise working patch doesn't seem
    >> very far off the mark.


    > Is everybody missing the obvious?


    What, that believing Microsoft is out to get you one way or the other
    needs to be believed by this forum?
    You should try participating it
    alt.conspiracy.Microsoft.secret_code_the_evidence.
    I have just set it up especially for you.....
    Enjoy......

    snip.....
    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke
    Max Burke, Sep 15, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michael Voight

    Re: Scenario

    Michael Voight, Jul 19, 2003, in forum: Cisco
    Replies:
    3
    Views:
    768
  2. Trond Hindenes
    Replies:
    0
    Views:
    1,145
    Trond Hindenes
    Jul 22, 2003
  3. Dejan Gambin
    Replies:
    0
    Views:
    728
    Dejan Gambin
    Oct 16, 2003
  4. Afshin

    NAT on DVB based scenario

    Afshin, Oct 22, 2003, in forum: Cisco
    Replies:
    0
    Views:
    377
    Afshin
    Oct 22, 2003
  5. Best-Case Scenario

    , Jan 25, 2006, in forum: Computer Security
    Replies:
    0
    Views:
    466
Loading...

Share This Page