[7560] in bugtraq
Re: Yahoo Pager auto-update
daemon@ATHENA.MIT.EDU (Chris Wedgwood)
Fri Aug 7 16:22:56 1998
Date: Fri, 7 Aug 1998 10:17:06 +1200
Reply-To: Chris Wedgwood <chris@CYBERNET.CO.NZ>
From: Chris Wedgwood <chris@CYBERNET.CO.NZ>
X-To: Sergiy Zhuk <serge@YAHOO-INC.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.3.96.SK.980805164027.17726V-100000@serge.yahoo.com>;
from Sergiy Zhuk on Wed, Aug 05, 1998 at 04:51:25PM -0700
On Wed, Aug 05, 1998 at 04:51:25PM -0700, Sergiy Zhuk wrote:
> On Wed, 5 Aug 1998, Ralf Rudolph wrote:
>
> > btw: The yahoo pager is only one example: Many software vendors offer
> > online upgrades. It just sounds like a bad idea to me to allow this
>
> yes, Symantec, for example...
Actually, form the point of view of having to look after thousands of
lusers with a combined IQ on 9, automatic upgrades are incredibly
attractive. I would estimate that fewer than 50% of modern 'net users
are incapable of saving a file to the desktop and then executing it,
without considerably hand holding - let alone trying to verify it is
indeed the correct file.
If downloaded updates can be verifying using a key/certificate that
originally came with the ship physical media, then for many
non-technical people this is a safer and superior solution that
manually downloading and installing updates for the simple reason
that many non-technical people can easily be duped into downloading
and installing bogus or trojan software.
-cw
