echo: nthelp
to: Geo
from: Rich
date: 2005-05-20 08:33:34
subject: Re: .NET is secure?

From: "Rich" 

   I didn't say they don't matter.  Read what I wrote.

   Windows Update is not and has never been the only source for updates.

Rich

  "Geo"  wrote in message
news:428dbbca{at}w3.nls.net...
  Rich,

  If they don't matter then why did I have to download a 10mb patch and
  then a 1.5mb patch? Also don't misunderstand what I'm saying, I'm
  definitely NOT saying that the .NET framework is less secure than any
  other piece of software out there, it's about average imo. What I am
  saying is I didn't need it or the patches except to run this one program
  I wanted to try and my issue wasn't even that it's needed patches over
  its lifetime but that the current version isn't patched and even the
  10mb patch wasn't patched.

  I do not like the whole idea of Windowsupdate as the ONLY patch method
  for one reason. Let's see you use it to patch NT4workstation, Win95,
  Win98, or anything else MS feels doesn't require support anymore.

  If when MS made that decision they put all the patches for these
  products on some website/ftpsite and did it in a nice organized way to
  take care of the remaining customers still running these products then I
  wouldn't have the issue but just go and try to reinstall NT4ws and patch
  it today and well you'll certainly understand my point then.

  If it were up to me, there would be a law that says when a software
  product is EOL'ed, the final act of the authors must be to make available
  a final release that contains everything up to that point and that all
  copy protection must be removed so when the copyright expires the world
  can enjoy the product they protected with that copyright for so long.

  Geo.
    "Rich"  wrote in message news:428d849e{at}w3.nls.net...
       GDI+ had nothing to do with .NET.

       The DoS attacks were CPU usage due to large contrived complex
       cases.  The first and last were meaningful bugs.  Two in four years
       is not so bad.  All of these are server side issues that only are an
       issue if you explicitly make use of these.  None would affect you on
       the client.  None would affect you on the server either just by
       installing.

    Rich


      "Geo"  wrote in message news:428b17d7$1{at}w3.nls.net...
      "Peter Sawatzki"  wrote in message
      news:428a190e{at}w3.nls.net...

      > I don't see why you have a less secure system when installing .NET.
      > Installing a runtime that enables the system to run application built
      > in a more secure environment enhances your system.

      Well let's start with the fact that .NET is 23mb of stuff and the first
      patch I had to apply was over 10mb and the second patch was 1.5mb.

      If it doesn't make me less secure, why all the patches? Let's see..

       2005-02-08: Microsoft ASP.NET URI Canonicalization Unauthorized Web Access Vulnerability
       2005-01-18: Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
       2003-12-11: Multiple Vendor XML DTD Parameter Entity SOAP Server Denial Of Service Vulnerability
       2003-12-09: Multiple Vendor XML Parser SOAP Server Denial Of Service Vulnerability
       2002-06-08: Microsoft ASP.NET StateServer Cookie Handling Buffer Overflow Vulnerability

      Still think it's not a security issue?

      Geo.


--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
