From owner-freebsd-security Sat Jan 22 0:55: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from gate.az.com (gate.az.com [216.145.8.252]) by hub.freebsd.org (Postfix) with ESMTP id 72AB414EF7 for ; Sat, 22 Jan 2000 00:55:03 -0800 (PST) (envelope-from yankee@gate.az.com) Received: (from yankee@localhost) by gate.az.com (8.8.5/8.8.5) id AAA08529; Sat, 22 Jan 2000 00:55:03 -0800 (PST) Date: Sat, 22 Jan 2000 00:55:02 -0800 (PST) From: "Dan Seafeldt, AZ.COM System Administrator" To: security@FreeBSD.org Subject: Microsoft Windows Update Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org http://windowsupdate.microsoft.com This website has delivered automatically several fixes to the OS involving Dos and even more importantly data break-in in the past few months. It is distressing to continually get notified of new fixes involving invasion of privacy or possible loss of confidential business data. These fixes usually involve html or JAVA related involving IE but some OS fixes have been posted as well. Although if FreeBSD implemented something similar to this, it might be nice to consider when public notification of the nature of the problem before, during or after a particular fix was automatically disseminated would be appropriate. From what I can tell the automatic part of Windows Update is an opt-in deal, it does not enable unless you answer a question the first time you go to that website, if you answer yes, it becomes a permanent thing running in the background. The Windows update website does not seem to consider the timing of the posting of security breach details or descriptions. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message