Taken from Alec's reply to HandsOff: "Your level of paranoia is something to be proud of,I suppose. If you really are so fearful and anti-Microsoft as to not run Notepad and Paint, I'm not quite sure what you are doing running a Microsoft OS at all.Seriously. Perhaps you would be better suited to Linux or OS X? I can recommend both as quality alternatives (albeit not for everyone, IMHO)." Excuse me...but i don't see any "level of paranoia" in here. Notepad,Paint and the whole MS product suite is CLOSED-source. Meaning I don't have ONE single reason to trust them,their apps,or assume they've done proper auditing on them. Their history has shown exactly the opposite all these years. Although without serious evidence,they have also been accused numerous times for placing "backdoors", even from the NSA...and as far as I know,at least Germany and China have decided/stated, they will replace MS with some custom-made Linux version, in their goverment offices/organizations,exactly because they don't trust MS. Are they paranoid also? And in my poor opinion,I can recommend both Linux or OS X as quality alternatives to anyone... ------------------------------------------------------------ Taken from Alec's reply to...me: "Those vulnerabilities previously listed were only mere examples of security problems, discovered post-SP2 that were found to affect SP1 systems and,not SP2 systems. I do not wish to be distracted into a long conversation about each,that was not the point... We are not talking about specific one-offs discovered and fixed, rather we are talking about general classes of vulnerabilities made less likely." ..."made less likely"...well,excuse me, but does a re-compiled gdi32.dll ring a bell to anyone? -And if answer is yes...nop,you don't exactly win a prize At first,you describe them as: "...serious security vulnerabilities that exist in SP1 that do not exist in SP2". Then: "Those vulnerabilities previously listed were only mere examples..." And finally, "We are not talking about specific one-offs discovered and fixed..." I'm confused...what exactly are they at last? I also wouldn't like to be distracted into a long conversation about each exploit/fix discovered, they are numerous in MS systems after all. But (in your 1st post at least),they were presented as "proofs" that SP2 is more secure than SP1. "Proofs" must be accompanied by descriptions that can stand for them: since you didn't supply these descriptions, I just searched the MS site for them...with the results that I already posted. Sorry-if someone wanted to convince me that SP2 is more secure than SP1: a)he/she should have searched/provided far more better examples than these, b)he/she should have provided descriptive evidence for them. " As to your commentary about re-compilation in general and your pointing out the WMF exploit... you obviously do not understand the difference between a stack overflow vulnerability and a heap overflow vulnerability." In what way can this be taken seriously? One person has a "level of paranoia", the other one "obviously" cannot understand... with no offence to anyone:are we mentally ill/disrupted somehow? Allow me to remind that... there's also a difference between characterizing people and just commenting their opinions.