I disagree.
Especially with Microsoft Products.
With that company I have resigned to taking a wait and see approach.
If What I have now works, and works well, then I am not going to upgrade to
the 'next best thing'.
When the first patch or "Service Pack" comes out, I go see what was fixed,
and what the bugs were.
The thing is that when MS released IE5.5 , just to use an example, the
updates for IE5.0 fixed the holes anyway.
So my suggestion when dealing with Microsoft as an Enduser is to install the
updates regularly.
Especially if you have a broadband connection..there's no excuse.
Use the Windows Update facility.
As for upgrading to the latest thing? I say don't upgrade a Microsoft
product unless you have a compelling reason to (some hot feature you really
need). And for their new releases, I would suggest waiting for the first
Service Pack (which in the case of win2k was out almost as soon as the OS
was being sold in stores wasn't it? ;-) )
Ciao!
-Gel,who is still running Windows 98 SE and IE5.01 at home.
----- Original Message -----
From: Scott, Andrew <[EMAIL PROTECTED]>
To: CF-Talk <[EMAIL PROTECTED]>
Sent: Wednesday, November 01, 2000 10:32 PM
Subject: RE: ColdFusion is vulnerable?
> Mike,
>
> It didn't say that Coldfusion was ranked number 2 in security flaws, it
used
> cgi as an example of which Coldfusion is based on as is ASP,Perl,Awk,C++
to
> name a few. However in reading the article I did notice a concern that
> struck me hard.
>
> The world has come to accept that we have application out there that have
> major problems, we accept the fact that a new release will always bring
> about new problems, however companies like MS have not made it clear
enough
> that problems/patches/service packs are needed to secure holes in the
likes
> of IIS/Internet Explorer etc.
>
> I like the fact that as soon as something security wise is known with CF,
> its posted on the allaire security page. But how many users of Internet
> Explorer actually know that v4 has numerous security holes, and there are
> probably x amount unknown hidden away in IE5.5 and continue to use it.
With
> every new release these security holes might have been fixed, plus many
new
> enhancements. But if for arguments sake IE6 was released, people would not
> upgrade straight away and wait for known issues.
>
> I can accept their concerns, but these known issues might have already
have
> been in previous versions. Anyway its not always clear that if a problem
> exists the average user is not aware of it. I know people who download the
> latest stuff all the time, and use it and complain that this doesn't work
> etc. Well if you use a beta copy then you deserve the hardache I guess,
but
> if its not a beta there is no real release to the public of such issues,
> enhancements or patches to such applications. We as a development
community
> know the ins/outs of most of these and know how to keep in touch with the
> latest patches etc., but average users do not.
>
> Sorry for being off topic a little, but it needed to be pointed out I
> thought! Awarness, it makes it so hard when dealing with clients:-)
>
>
>
>
>
> regards
>
> Andrew Scott
> Senior Cold Fusion Application Developer
>
>
>
> -----Original Message-----
> From: Mike Connolly [mailto:[EMAIL PROTECTED]]
> Sent: 01 November 2000 22:17
> To: CF-Talk
> Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: ColdFusion is vulnerable?
>
>
> Have a look at this article listing ColdFusion as number 2 in top 10
> internet security threats...
> http://www.sans.org/topten.htm
>
> Comments on a postcard please?
>
>
>
> -----------------------------------------------
> Any opinions expressed in this message are those of the individual and not
> necessarily the company. This message and any files transmitted with it
are
> confidential and solely for the use of the intended recipient. If you are
> not the intended recipient or the person responsible for delivering to the
> intended recipient, be advised that you have received this message in
error
> and that any use is strictly prohibited.
>
> Sapphire Technologies Ltd
> http://www.sapphire.net
> --------------------------------------------------------------------------
--
> --------------------
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send
a
> message with 'unsubscribe' in the body to
[EMAIL PROTECTED]
> --------------------------------------------------------------------------
----------------------
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send
a message with 'unsubscribe' in the body to
[EMAIL PROTECTED]
>
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
