swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
2 edits | reply to NICK ADSL UK
Re: Microsoft Security Bulletin Summary for June 2007
MS07-031 is about "Windows Schannel" which is explained as Microsoft's implementation of SSL and TLS. "This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS."
The bulletin says "Microsoft has not identified any workarounds for this vulnerability". So is it true, as the bulletin implies, that any browser running on Windows and using SSL or TLS is using Microsoft's version of SSL/TLS? I thought other browsers such as Firefox or Opera supplied their own SSL/TLS code. Is Microsoft just refusing to acknowledge that using a browser other than IE is a workaround?
Edit: I didn't see anything on point with a quick Google, but then I looked on mozilla.org and of course the Moz browsers have their own SSL/TLS code. It's just a deceptive bulletin.
Edit2: Thanks for the links as always. |
|
hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P. | reply to NICK ADSL UK
Nick you da man and danke  |
|
AB
Premium
join:2006-04-04
Leesburg, VA
1 edit | reply to swhx7
said by swhx7  :MS07-031 is about "Windows Schannel" which is explained as Microsoft's implementation of SSL and TLS. "This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS." The bulletin says "Microsoft has not identified any workarounds for this vulnerability". So is it true, as the bulletin implies, that any browser running on Windows and using SSL or TLS is using Microsoft's version of SSL/TLS? I thought other browsers such as Firefox or Opera supplied their own SSL/TLS code. Is Microsoft just refusing to acknowledgme that using a browser other than IE is a workaround? Edit: I didn't see anything on point with a quick Google, but then I looke on mozilla.org and of course the Moz browsers have their own SSL/TLS code. It's just a deceptive bulletin. Isn't that interesting? (Making the assumption here that that's true.)
So what does that also tell us, I wonder, about why it is that WGA might need to be 'updated' yet again?
I'm reserving any judgment for now-- but I can't help but think I smell a stench coming from somewhere. |
|
Sindows 7
join:2006-09-13
Hope, BC
1 edit |  reply to NICK ADSL UK
whatever |
|
Sindows 7
join:2006-09-13
Hope, BC
1 edit | .... |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
| reply to AB
said by AB :said by swhx7 :MS07-031 is about "Windows Schannel" which is explained as Microsoft's implementation of SSL and TLS. "This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS." The bulletin says "Microsoft has not identified any workarounds for this vulnerability". So is it true, as the bulletin implies, that any browser running on Windows and using SSL or TLS is using Microsoft's version of SSL/TLS? I thought other browsers such as Firefox or Opera supplied their own SSL/TLS code. Is Microsoft just refusing to acknowledgme that using a browser other than IE is a workaround? Edit: I didn't see anything on point with a quick Google, but then I looke on mozilla.org and of course the Moz browsers have their own SSL/TLS code. It's just a deceptive bulletin. Isn't that interesting? (Making the assumption here that that's true.) So what does that also tell us, I wonder, about why it is that WGA might need to be 'updated' yet again? I'm reserving any judgment for now-- but I can't help but think I smell a stench coming from somewhere. I don't think they were updated? The wga*.* files look old. I could be wrong here.
I think MS just wants to force Windows Update (and MS Update) users to have WGA checking like OGA. Annoying!
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by antdude :I don't think they were updated? The wga*.* files look old. I could be wrong here. . . . I'm just going by jabarnut 's post:
»Re: Microsoft Security Bulletin Summary for June 2007
If he says there's an updated version, I believe him.
I don't and won't have that genuine POS on my computer. And this is one of the very reasons why not.
This is maybe the fourth or fifth 'update' to it they've come out with. Why? What is it about it that needs to be "updated"?
Wait, let me guess-- Microsoft's explanation will be that they're continually tweaking it to lessen the chances of a 'false positive' (or a 'false negative' would be more accurate in this case, I guess). 
I have two genuine licenses for their genuine OS software-- one genuine full retail, one genuine OEM. I paid genuine American greenbacks for both of them, I have genuine sales receipts for both of them, I have validated both of them upon install, and I have spoken with genuine Microsoft representatives via telephone on a couple of occasions. Microsoft Corp. has my genuine name, my genuine address, and my genuine telephone number. If that's not good enough (which apparently it isn't) then they can go pound sand up their genuine corporate asses, as far as I'm concerned.
End of story, and pardon my rant. |
|
Caution
@netcarrier.net
|
Well I don't know is its an updated WGA or not...an really don't care///its not getting installed on my computers.....it was install once before and I left it on just to see what would happen....an sure enough today I could not download the updates unless I installed it again///what the hell is this ?
Well I got the updates....just not from the windows update website..... |
|
Curley
join:2002-04-10
Michigan
| reply to caffeinator
said by caffeinator :said by antdude :Wow, I didn't even notice that too: Windows Genuine Advantage Validation Tool (KB892130) Gah, MS is really pushing this WGA! Precisely why I only get the email bulletins and only download the files directly.  Ditto! |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
4 edits | reply to AB
Thanks for the vote of confidence there AB !
Of course, I'm assuming it's an 'updated version', because (as mentioned in the second post above), I had to install it before I was able to download and install the other updates.
And I understand the problem you guys have with them continually hounding you with this thing.
It bothered me a lot at first too.
Now, I just don't care any more, and figure it's not worth getting an ulcer over.
I let them have their fun, install it, and move on. (Like most many of you, my installations are all legit too, and I figure they should certainly know that by now, but oh well).
And I do like the 'convenience' of Microsoft Update (even though I have auto-updates turned off..and run custom scans).
To be honest, the fact that my wife is constantly hounding me to finish staining the house, is a lot more irritating.  
--
I had a life once.....now I have a Computer and a Modem. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by jabarnut :Thanks for the vote of confidence there AB ! Of course, I'm assuming it's an 'updated version', because (as mentioned in the second post above), I had to install it before I was able to install the other updates. And I understand the problem you guys have with them continually hounding you with this thing. It bothered me a lot at first too. Now, I just don't care any more, and figure it's not worth getting an ulcer over. You know you always have my utmost confidence, jabarnut, and I hold your opinions in high esteem, regardless of any of my sometimes silly comments to the possible contrary.
I don't blame you for taking that attitude. I have a similar one, actually, except without allowing the installation of that thing (which I initially did allow, until they started getting pushier and pushier about it).
Every once in a while when the subject of it comes up though, it still makes my blood boil.
I just don't care to play 98 lb. weakling to their bully, is all.
To be honest, the fact that my wife is constantly hounding me to finish staining the house, is a lot more irritating.
»Re: The Geek Squad
|
|
ElJay
join:2004-03-17
 ·Great Works Internet
| reply to NICK ADSL UK
Fun |
|
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to NICK ADSL UK
said by NICK ADSL UK :As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system. Security ToolFind out if you are missing important Microsoft product updates by using MBSA. Thank you for the notice.
Another place to get the patches is Microsoft Download site which you didn't mention. I think one should always read the Technet bulletin and Knowledge base article for each patch first and then download each patch to disk from the Microsoft Download site.
Belarc Advisor will also show you what patches you have and which you need and if you use it, and Microsoft Download site, then you totally avoid having Microsoft yet again demand that you "show your papers". So, for those who feel insulted by the "prove repeatedly that you are not a thief attitude", first read the Technet bulletins, then download from MS Download site, or wait until Belarc has the latest definitions out for Advisor (usually 24 hours after Microsoft publishes the patches) and let the Advisor guide you to the patches you need. MSBA is a fine tool also but some feel the current version is too invasive and if you feel that way then Belarc Advisor is a good substitute.
I'm off now to read the Technet bulletins and the Knowledge base articles.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
bigdarby
join:2004-09-18
Uniontown, OH | reply to NICK ADSL UK
The current MS Udates I downloaded are:ks933566 935840 935839 935846 929123 890830 as of June 14,2007 |
|
Sindows 7
join:2006-09-13
Hope, BC
1 edit | reply to NICK ADSL UK
|
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
 ·Vonage
| said by Sindows 7 :wow thatks for the help............ Help with what?
said by Sindows 7 :Seems they were sucessful
--
~~"As long as America is an infidel enemy, terrorizing it is a duty." Sayed Imam Abdul-Aziz el-Sheriff~~
|
|
OZO
Premium
join:2003-01-17 | reply to NICK ADSL UK
Why the time needed to find out all required updates for computer is so short for Belarc Advisor and so long for common Windows Update procedure?
--
Keep it simple, it'll become complex by itself... |
|
Sindows 7
join:2006-09-13
Hope, BC
1 edit | reply to NICK ADSL UK
Stop whinning about the wga and pay for your OS |
|
antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
4 edits | reply to antdude
It appears that WGA's LegitCheckControl.dll file is v1.7.36.0 and from April 2007. So, it's not really new/updated.
Sneaky MS wants GA everywhere. :P |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
4 edits | I didn't really look into it too much...all I know is that I had to install what was referred to as the "Windows Genuine Advantage Validation Tool" through Microsoft Update (it was the first thing that came up, after a custom scan), before the site would even let me download and install anything else.
And considering the fact that I've probably downloaded and installed what I believe to be same thing at least 2 or 3 times before in the past, I have to assume something changed, somewhere.
(Edit) I just looked at my LegitCheckControl.dll file, and it is indeed v1.7.36.0 as you mentioned.
However, that doesn't negate the fact that I still had to 'play the game' before I was allowed to continue.
--
I had a life once.....now I have a Computer and a Modem. |
|
