security flaws and patch confusion....

OK..hoping that 'the only dumb question, is the one that's never asked' rule applies here, I have an 'uneducated' curiosity.

My question is about all the security flaws and patches that are released concerning browsers and OS's. When these companies release the information / warning that the flaw or hole 'could allow exploits and unauthorized users to run malicious code' on a machine; does this negate any hardware or software firewalls that a user may have?

I know it's best to always try and keep up with the current release and patch with any software, but I've never quite been able to get an answer to this distinction?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

2lazybutsmart

My question is about all the security flaws and patches that are released concerning browsers and OS's

From a non-technical point of view, software companies usually make sure that a complete version of any given software is never rolled out in the first release. It's more of a marketing scheme (sorry for deviating from your question's subject... but

). From my few years in software development (mainly in the product management sector), I've come to know that a software made to address all required issues isn't following a good marketing practice. You don't rob the customer, but you don't give him everything in the first roll-out. Bit by bit, the customer will both be dependant on you and feel that you are working towards enhancing the application day and night.

The Redmond giant, like the small company I've worked at, uses the same strategy and 6,000+ developing brains behind it.

I'll leave the technical part for others

just my .02 cent,
2lbs.

RussS

hmmm interesting 2lazy

I think it is more from public demand than a marketing perspective for Redmond. They announce a product in beta and a possible release date and they are then pushed by the media to release it ... ready or not.
I think Bill G would be over the moon to actually roll out a product that was ready to go and flawless for a change ... lol

itwannabe - it is possible for the addition of new software to disable a software firewall (any product if they have certain conflicts). However a hardware firewall is completely unaffected as it is a seperate device on the network.

itwannabe

RussS wrote:

itwannabe - it is possible for the addition of new software to disable a software firewall (any product if they have certain conflicts). However a hardware firewall is completely unaffected as it is a separate device on the network.

Ok, that much I get...and maybe my original question was off target...Lets use Windows XP as my example using the following scenario

For instance, say I'm running XP w/ a software firewall and a port probe shows all port scan attempts are blocked successfully.

Then I receive an auto update from microsoft saying that there is a new critical update available and when I read the knowledge base article, it gives me the 'may allow unauthorized users to run malicious code on the machine' disclaimer about whatever buffer overrun or breach has been identified.

So, my question is, if it's a hole in the software that's been hacked thru, then is it possible my firewall is breachable because of this hole? Does that make sense or am I confusing myself again? hahaha

Webmaster

Depends on if the hole is in a service that you allow at the firewall. For example, if port 80 inbound is denied on the firewall, there's no need to worry about a hole in IIS www service on you Windows XP client.

RussS

Confusing yourself .... hmmmmm - only if you have been taking advice from enforcer - they don't call him the confusion master for nothing :P

Webmaster is correct - but as in all cases ... keep an eye on the boards for adverse reactions to patches and service packs.

itwannabe

got it..thanks Webmaster

Webmaster

You're welcome.

Indeed, some updates might produce other breaches or failures and make thing even worse. Usually you should only install those updates that you really need... every Service Pack includes new bugs.

I think MS is doing a fine job automatically updating my XP system though

@2lazybutsmart: As with any software, people find bugs and holes, and since MS products are most widely used, they are most likely to become a target for exploitation. I agree with RussS, I think BG is indeed more obsessed with trying to create the ultimate OS than with his financial balance...

itwannabe

RussS & WbMstr

I couldn't agree more...on all counts...regarding the bugs and fixes w/ service packs and updates...That's one of the things that led to my original question....

I often wait to install the MS updates until I can read some info on them, just because I hate to jump on the 'damn I got it, now what' bandwagon...lol so for now, I'm happy w/ XP and looking forward to Longhorn in a couple of years. I wonder if there's a beta version of that out, (besides on P2P networks)...

again, thanks to all for the input and so for now, I'm off, until the next time my mind wanders

Enforcer

RussS wrote:

Confusing yourself .... hmmmmm - only if you have been taking advice from enforcer - they don't call him the confusion master for nothing :P

Hey!

how come I got brought into this?

RussS

And you had to ask?

Enforcer

Well I hadn't made any contribution to this thread, but there I am right in the middle of it.

I only found out I did a web search for Enforcer Confusion Master.