they are so afraid

[Peter]

The latest m$ security problem has prompted early patchers to be 
*afraid* of a patch issued by a *third* party:

http://www.theregister.co.uk/2006/01/13/security_wmf_microsoft/

Well, as early adopters of 'N' *N-th* party patches which we (linux and 
OSS users) are, we could have a good laugh on that, no ? I think that 
the opposition can really talk (and write) itself into a panic. Let's 
help them a little with the fud (remember this message is archived on 
the Internet):

Now, that they have prepared themselves so well to doubt the early 
solution provider, here is a little fud poison: how about, someone who 
read the above article, and finds a new hole, releases the new 
attack/exploit into the wild, and has an asociate with a trojaned fix 
waiting. When the new flaw will be discovered the early patchers will 
accept the trojaned new binary patch, and they will have to run it to 
find out if 'it does what the issuer says it does', since it comes 
without source. Of course, the malicious issuer, will have built 
suitable timers into his patch, knowing what will be looked for. Oh, and 
the patch, which is a Windows update, will be installed with 
Administrator privileges of course. There is no other way, you see. You 
have to trust someone eventually, no ? MUAHAHAHAHA (that would be a 
really sad situation, and it is waiting to happen any day now).

And the only real solution to this that I can see is, that the 
non-malicious patch developer will have to sell the patch *source* to m$ 
or the powers that be, to be trusted. Either that, or publish it *open 
source*.

Now take *this* for fud, closed source advocates.

OSS is superior by design,
Peter
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml