title: [redacted], Windows and SP3 (1) link: https://onemoretech.wordpress.com/2009/04/22/redacted-windows-and-sp3-1/ author: lembobro description: post_id: 334 created: 2009/04/22 13:11:50 created_gmt: 2009/04/22 13:11:50 comment_status: open post_name: redacted-windows-and-sp3-1 status: publish post_type: post

[redacted], Windows and SP3 (1)

subtitled: wherein I ridicule [redacted] Networks

Last night I finally got fed up with being disconnected from the VPN every 20 minutes (coincidentally the period in which renegotiation of cryptographic keys happens).

To fix it I had to clone another Windows XP virtual machine and downgrade it to SP2, removing just about anything that had been bug and security fixed in the process (including IE 7). After reinstalling the latest (?) Windows update I locked out the IE 7 upgrade and did a custom install of all security and bug fixes with the exception of SP3. Of course many failed, as they depend on SP3.

Once everything was done Windows barked at me that my system was now dangerously insecure. “Tell that to [redacted]”, I yelled back, not in those exact words of course (there was a profanity or two in there someplace).

Of course [redacted] promised this would be fixed by Q2 of 2008 (man do I hate whitespace in URLs, it’s an external web site people, not an SMB share on one of your internal fileservers: yeah, this operation has “best practices” written all over it). Supposedly the eyes-only [redacted] for July, 2008 announced that SP3 is now supported. But since [redacted] doesn’t allow access to this document to those without a customer account, I can’t confirm that. I wonder if Vista SP1 is also covered by this (for which support was also promised by Q2 2008)? Interesting that there’s no mention of this on their publicly accessible Knowledge Base.

Putting aside whether the latest firmware updates have been done to our devices (n/c), you have to ask yourself why this would have been a problem in the first place. Just what is it about the old firmware that makes it incompatible with newer, more secure, configurations of the client O/S?

You know, it’s bad enough I have to maintain a Windows machine just to connect to “enterprise” software like Oracle EBS 11i, because earlier versions of Oracle apps will only run with IE on Windows (EBS 12 runs like a champ in Firefox on Linux, even 64-bit). But being slaved to a VPN solution that only works with an acknowledged insecure configuration of a legacy proprietary O/S really makes me wonder.

And does the search facility for that KB have to be that painfully slow?

Will the 8th layer of the OSI model (corporate politics) always sideline better (as in technical quality), faster, cheaper and more open solutions for the commercially acceptable product du jour?

In enterprise IT no one can hear you scream.

Copyright 2004-2019 Phil Lembo