In article <eJ16R$dEGHA.2300@TK2MSFTNGP15.phx.gbl>, Michael Stevens
<mstevens@bogusmvps.org> wrote:

> MS will always have the official advisory to not apply any non-ms patch, but
> does anyone think the leaked patch was leaked? LOL

What are you implying?
It isn't clear at all which 'patch' you are writing about, but I see no
reason to imagine that Microsoft created ANY solution to this problem
yet -- only a lot of resistance from them to do anything about it.

Even if they did create a patch that got distributed before they
wanted, it doesn't alleviate any of the blame they deserve for not
getting the thing out and distributed to every user.

>>>Even if they did create a patch that got distributed before they
wanted, it doesn't alleviate any of the blame they deserve for not
getting the thing out and distributed to every user.

MS are damned if they do and damned if they don't.

The official word from online news outlets is that MS has written a patch.
The delay is in getting it thoroughly tested, esp on corporate networks.

MS says that customer feedback over the years has strongly indicated that
users want thoroughly tested patches distributed rather than urgent fixes
which may have problems later.

--
Regards

John Waller

When MS say customers they mean large corporations.

--
--------------------------------------------------------------------------------------------------
Goodbye Web Diary
http://margokingston.typepad.com/har....html#comments
=================================================
"John Waller" <johnw@REMOVETHISpinnacleweb.com.au> wrote in message news:%231MbLzeEGHA.3612@TK2MSFTNGP11.phx.gbl...
>>>>Even if they did create a patch that got distributed before they
> wanted, it doesn't alleviate any of the blame they deserve for not
> getting the thing out and distributed to every user.
>
> MS are damned if they do and damned if they don't.
>
> The official word from online news outlets is that MS has written a patch.
> The delay is in getting it thoroughly tested, esp on corporate networks.
>
> MS says that customer feedback over the years has strongly indicated that
> users want thoroughly tested patches distributed rather than urgent fixes
> which may have problems later.
>
> --
> Regards
>
> John Waller
>
>

In news:050120060102130223%mitch@hawaii.rr,
Mitch <mitch@hawaii.rr> replied with a ;-)
> In article <eJ16R$dEGHA.2300@TK2MSFTNGP15.phx.gbl>, Michael Stevens
> <mstevens@bogusmvps.org> wrote:
>
>> MS will always have the official advisory to not apply any non-ms
>> patch, but does anyone think the leaked patch was leaked? LOL
>
> What are you implying?
> It isn't clear at all which 'patch' you are writing about, but I see
> no reason to imagine that Microsoft created ANY solution to this
> problem yet -- only a lot of resistance from them to do anything
> about it.
>
> Even if they did create a patch that got distributed before they
> wanted, it doesn't alleviate any of the blame they deserve for not
> getting the thing out and distributed to every user.

Well you snipped the part of my post that explained what I was implying. I
was replying to the OP and giving feedback on my experience with the Ilfak
Guilfanov patch wmffix patch. I wasn't laying blame on Microsoft, I was just
giving my take on the situation. I do not think MS is the god of computing
and understand when they say something is not supported you should realize
it is only MS that does not support it and there are many reasons unrelated
to technical aspects that influences the MS advisory.
When an open source patch like this one, that has been securitized by a much
larger base of computer experts than the patch MS releases signs off on it,
I feel just as safe and secure as one I would get from a daily update from
Avaste, Trend, AVG, Norton, etc. Why should I place a higher value of trust
on MS for a patch that only they sign off on opposed to one that a much
larger testing base signed off on as safe and effective.
I agree about their policy on how they release patches, patches should be
released as soon as they effectively fix the problem. They should not be
released on a schedule. There is no excuse for intenti
onally letting an OS be venerable to attacks that could have been avoided.
--
Michael Stevens MS-MVP XP
xpnews@bogusmichaelstevenstech.com
http://www.michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://www.michaelstevenstech.com/ou...snewreader.htm

If your read Ilfak's interview on the patch, he went out of his way to not
make any comments against Microsoft & it's policy on patches. He did
state several times that he posted the Source code so it's integrity could
be established by those that can do so. I really can't see what the issue
is with using an "interim" solution. When Tuesday comes around, I'll do
an uninstall on the WMFHotFix and use the official one from MS. To me
it's like using a "Spare" tire, until the normal use one is fixed.

"Michael Stevens" <mstevens@bogusmvps.org> wrote in message
news:eMnr3ffEGHA.208@tk2msftngp13.phx.gbl...
> In news:050120060102130223%mitch@hawaii.rr,
> Mitch <mitch@hawaii.rr> replied with a ;-)
>> In article <eJ16R$dEGHA.2300@TK2MSFTNGP15.phx.gbl>, Michael Stevens
>> <mstevens@bogusmvps.org> wrote:
>>
>>> MS will always have the official advisory to not apply any non-ms
>>> patch, but does anyone think the leaked patch was leaked? LOL
>>
>> What are you implying?
>> It isn't clear at all which 'patch' you are writing about, but I see
>> no reason to imagine that Microsoft created ANY solution to this
>> problem yet -- only a lot of resistance from them to do anything
>> about it.
>>
>> Even if they did create a patch that got distributed before they
>> wanted, it doesn't alleviate any of the blame they deserve for not
>> getting the thing out and distributed to every user.
>
> Well you snipped the part of my post that explained what I was implying.
> I was replying to the OP and giving feedback on my experience with the
> Ilfak Guilfanov patch wmffix patch. I wasn't laying blame on Microsoft, I
> was just giving my take on the situation. I do not think MS is the god of
> computing and understand when they say something is not supported you
> should realize it is only MS that does not support it and there are many
> reasons unrelated to technical aspects that influences the MS advisory.
> When an open source patch like this one, that has been securitized by a
> much larger base of computer experts than the patch MS releases signs off
> on it, I feel just as safe and secure as one I would get from a daily
> update from Avaste, Trend, AVG, Norton, etc. Why should I place a higher
> value of trust on MS for a patch that only they sign off on opposed to one
> that a much larger testing base signed off on as safe and effective.
> I agree about their policy on how they release patches, patches should be
> released as soon as they effectively fix the problem. They should not be
> released on a schedule. There is no excuse for intenti
> onally letting an OS be venerable to attacks that could have been avoided.
> --
> Michael Stevens MS-MVP XP
> xpnews@bogusmichaelstevenstech.com
> http://www.michaelstevenstech.com
> For a better newsgroup experience. Setup a newsreader.
> http://www.michaelstevenstech.com/ou...snewreader.htm
>
>
>

In news:eMnr3ffEGHA.208@tk2msftngp13.phx.gbl,
Michael Stevens <mstevens@bogusmvps.org> replied with a ;-)
> In news:050120060102130223%mitch@hawaii.rr,
> Mitch <mitch@hawaii.rr> replied with a ;-)
>> In article <eJ16R$dEGHA.2300@TK2MSFTNGP15.phx.gbl>, Michael Stevens
>> <mstevens@bogusmvps.org> wrote:
>>
>>> MS will always have the official advisory to not apply any non-ms
>>> patch, but does anyone think the leaked patch was leaked? LOL
>>
>> What are you implying?
>> It isn't clear at all which 'patch' you are writing about, but I see
>> no reason to imagine that Microsoft created ANY solution to this
>> problem yet -- only a lot of resistance from them to do anything
>> about it.
>>
>> Even if they did create a patch that got distributed before they
>> wanted, it doesn't alleviate any of the blame they deserve for not
>> getting the thing out and distributed to every user.
>
> Well you snipped the part of my post that explained what I was
> implying. I was replying to the OP and giving feedback on my
> experience with the Ilfak Guilfanov patch wmffix patch. I wasn't
> laying blame on Microsoft, I was just giving my take on the
> situation. I do not think MS is the god of computing and understand
> when they say something is not supported you should realize it is
> only MS that does not support it and there are many reasons unrelated
> to technical aspects that influences the MS advisory. When an open source
> patch like this one, that has been securitized by
> a much larger base of computer experts than the patch MS releases
> signs off on it, I feel just as safe and secure as one I would get
> from a daily update from Avaste, Trend, AVG, Norton, etc. Why should
> I place a higher value of trust on MS for a patch that only they sign
> off on opposed to one that a much larger testing base signed off on
> as safe and effective. I agree about their policy on how they release
> patches, patches
> should be released as soon as they effectively fix the problem. They
> should not be released on a schedule. There is no excuse for intenti
> onally letting an OS be venerable to attacks that could have been
> avoided.

That should have read as........
I DISAGREE about their policy on how they release patches, patches
should be released as soon as they effectively fix the problem.

Michael Stevens wrote:
> I agree about their policy on how they release patches, patches should be
> released as soon as they effectively fix the problem. They should not be
> released on a schedule. There is no excuse for intenti
> onally letting an OS be venerable to attacks that could have been avoided.

This is a confusing statement since Microsoft's policy *is* to release
patches on a schedule, after they are thoroughly tested. They create
the patch, they make sure it is thoroughly tested, and then they release
on the next scheduled monthly patch release Tuesday.
--
Tom Porterfield
MS-MVP Windows
http://support.teloep.org

Please post all follow-ups to the newsgroup only.

Michael Stevens wrote:
> That should have read as........
> I DISAGREE about their policy on how they release patches, patches
> should be released as soon as they effectively fix the problem.

Ooops. OK, then ignore my other response.
--
Tom Porterfield
MS-MVP Windows
http://support.teloep.org

Please post all follow-ups to the newsgroup only.

Tom Porterfield wrote:
> Michael Stevens wrote:
>> That should have read as........
>> I DISAGREE about their policy on how they release patches, patches
>> should be released as soon as they effectively fix the problem.
>
> Ooops. OK, then ignore my other response.

Thanks Tom, seems like you and I are in the minority around this group.
I can't understand why though. I tested it on one of my computers and it was
flawless, even has a uninstall that works.

--
Michael Stevens MS-MVP XP
xpnews@bogusmichaelstevenstech.com
http://www.michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://www.michaelstevenstech.com/ou...snewreader.htm

In article <eMnr3ffEGHA.208@tk2msftngp13.phx.gbl>, Michael Stevens
<mstevens@bogusmvps.org> wrote:

> Well you snipped the part of my post that explained what I was implying.

Did I? Sorry; missed it entirely.

> was replying to the OP and giving feedback on my experience with the Ilfak
> Guilfanov patch wmffix patch. I wasn't laying blame on Microsoft, I was just
> giving my take on the situation. I do not think MS is the god of computing
> and understand when they say something is not supported you should realize
> it is only MS that does not support it and there are many reasons unrelated
> to technical aspects that influences the MS advisory.

A reasonable point -- the most obvious reason, even if it is valid,
isn't always the only reason or the most significant.

> When an open source patch like this one, that has been securitized by a much
> larger base of computer experts than the patch MS releases signs off on it,
> I feel just as safe and secure as one I would get from a daily update from
> Avaste, Trend, AVG, Norton, etc. Why should I place a higher value of trust
> on MS for a patch that only they sign off on opposed to one that a much
> larger testing base signed off on as safe and effective.

Another point -- yet since the vulnerability is one created by
Microsoft design, they have the opportunity to fix the original error,
rather than just patch over the hole. I suspect that is what people
would expect, anyway.

> I agree about their policy on how they release patches, patches should be
> released as soon as they effectively fix the problem. They should not be
> released on a schedule. There is no excuse for intenti
> onally letting an OS be venerable to attacks that could have been avoided.

No, and yet I was hoping more users would have raised a (choose term
for big ole' higgledy-piggledy mess o' noise) by now, forcing Microsoft
to do something immediately.
It just stuns me that Microsoft so blatantly considers corporate sys
admins the most important part of the industry.