Date: Mon, 08 Sep 2003 14:26:16 -0700
From: Roy Levin <>
Subject: Re: [IP] An annoyed Farber -- Microsoft vulnerabilities in Office
products (Word, PowerPoint, Excel, Outlook)
To: Dave Farber <dave@xxxxxxxxxx>
Hi Dave,
Here's some information about the annoying "insert CD in order to
install patches" experience you had with Office. If you deem this
suitable for the IP list, feel free to distribute, but please remove my
email address.
Best,
Roy
========================
Dave,
I had the same experience that you did with Office Update: its annoying
demand to insert the installation CD before it would install security
patches. As a consequence, I talked to the people inside Microsoft who
have responsibility for the relevant software. I was interested to
learn that the behavior is not the result of piracy concerns but rather
a side-effect of mechanisms intended to improve download performance.
The Windows Installer has quite a lot of machinery to minimize the size
of downloads by using deltas, which are computed relative to the
installation bits. In practice, this machinery reduces download size
quite substantially in many cases, but it obviously depends on having
the installation bits available on the user's machine. This works
smoothly if those bits are readily accessible (say, cached somewhere on
the user's hard drive), but otherwise the installer has to ask for them,
producing the annoying behavior that we (and doubtless many others)
experienced.
I'm told that the delta compression mechanism is optional (patch kits
can use whole-file transfer instead), but because some downloads are
very large (especially service packs), the performance advantages of
delta compression are significant and most patches therefore tend to use
them.
I'm also told that we can expect the upcoming version of Office not to
exhibit the behavior that annoyed you.
Best,
Roy
-------------
You wrote:
OF COURSE MS IN THE EXPECTED "PROTECT OUR PRODUCT" MODE requires you to
have the cdrom in order to install this critical and important
protection.
I have just moved and , like many, have no idea where the damn box is so
I can not protect my self except to not use the Office suite. Why are
such emergency updates conditional on finding the damn cdrom???
Dave
>Microsoft has issued a security notice concerning the entire Microsoft
>Office suite (Word, PowerPoint, Excel, Outlook). The vulnerability
>could allow an attacker to gain control of a machine. For those faculty
>and staff who are out of the office today please visit the following
>websites to receive the latest patches:
>
>http://www.windowsupdate.com
>http://www.officeupdate.com/ProductUpdates/default.aspx
>
>Please note, to receive the patches you must click on the scanning
tool.
>In some cases, you will have to provide the installation media (CD)
>during the patch installation.
>
>Generally the installation takes between 10-25 minutes (longer if
>you're using a dial up connection). Your cooperation is very much
>appreciated and if you have any questions please contact me directly.
-------------------------------------
You are subscribed as roy@xxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at:
http://www.interesting-people.org/archives/interesting-people/