August 19th, 2003, 01:36 PM
REQUIRED Windows Patches?
I just read this story, which I find absolutely ridiculous - I'd like to see what everyone else thinks about it:
Story found here: http://story.news.yahoo.com/news?tmp...1579_2003aug18
The next version of Windows, which analysts expect to be completed in late 2004, could be the first to let the Auto Update feature download patches from Microsoft without requiring the user's explicit approval.
I believe that a user should stay updated with patches and such, but I firmly disagree with automatic updates by default. I need to be able to use download and install the patches myself - that way if something breaks, I know where to begin looking to find the culprit. I DO NOT want Microsoft doing all this for me while I'm away from my machine. This is absurd...
It's almost like a mechanic coming and picking up my car from work (without my knowledge), fixing (or breaking something else), then returning it to me. Yea, maybe he fixed the problem, but I would have liked to have known he was coming and what he was going to do - what if I get my car back, problem one is fixed but now all of the sudden I have problem two with no explanation.
August 19th, 2003, 01:40 PM
More importantly, what if their site is compromised?
August 19th, 2003, 01:49 PM
Originally posted here by MsMittens
More importantly, what if their site is compromised?
Good point MsMittens, I hadn't even thought about that aspect of it. But you are right, if the update site was compromised, then what? It makes this issue even more ridiculous...
I can understand MS's eagerness to deliever patches to Windows machines, but this is NOT the way to go. Patch management is a reality that users are just going to have to get used to - I don't think that security could ever be improved to the point where a piece of software is 100% secure out of the box, so there will always be patches and updates. But in the end, the user needs to be in control of those updates - not MS.
August 19th, 2003, 01:51 PM
I honestly don't think it will ever be out of the users control. The fact of the matter is that M$'s updates have a very long and proven history of hosing up servers under certain conditions, and I don't expect this to magically change. IMHO, this alone would be a show stopper if M$ decided to make the updates without input from the user...
IMHO, my input would then change to ... linux.
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
August 19th, 2003, 02:08 PM
The last thing any Windows sysadmin is going to want is an OS which patches itself automatically.
When running production machines (Workstations as well as servers, but mainly servers), it is *vital* to test any change of software, no matter how insignificant, in a staging environment.
If Microsoft made it automatically update without asking for confirmation, applications could break at the weekend, while the sysadmin was on holiday, etc, and remain broken until someone noticed.
It's happened numerous times - some M$ patch killing your most important application. M$ have a long history of releasing broken patches that make things worse.
This is why any prudent sysadmin wants to test *any* patch - no matter how insignificant - first.
Of course production web / email servers would not normally have enough network access to obtain the patches anyway - as any prudent network admin will put them in a DMZ where egress is forbidden.
August 19th, 2003, 02:12 PM
90% of the machines I have de-Blasted this week Had NO Patches installed.. .. xp machines pre Sept 2002.. no Sp1.. Perhaps Autoupdate on by default BUT selectable.. We have to account for the average ID-ten-T here..
most home users don't want to think about these sorts of problems.. they just want their computer to do a task..
Windaz updates?.. I have a Virus program!
Using acomputer when you are extreemly security concious is like driving a Car.. and having to manually feed the fuel into the Carbie, open the thermostat when the coolant is to hot, and swithc the Alternater charge o/p on and off to prevent battery overcharging.. You wouldn't consider that while driving a car.. it is the same with Home PC users and computer security..
I don't like the Idea of mandatory Updates, I would prefer to test on a non-production machine B4 mass installation..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
August 19th, 2003, 02:48 PM
I think you might have miss-interpreted this article and what MS are trying to do.
They are aiming for home users with this, and are saying that if you go for a default instal, then MS will automatically install patches, and turn the XP firewall on, which in my view is a good idea for your average home user. Which is not the same thing as saying you can't change this setting if you have some IT expertise.
For a corporate user running e.g. Win 2K/XP or 2003 you will be able to stop automatic updates happening very easily - if not fire your Sysadmin.
I also doubt that the windowsupdate site (the real one) will get compromised - sure it might get taken offline by a DDoS attack, but that isn't quite the same thing, is it?
August 19th, 2003, 02:57 PM
I'd disagree. Anyone can be compromised. It is a question of a) how often and b) how public they make it. Microsoft itself hasn't kept it's own servers up-to-date and it got hit by the Sapphire worm last year. While it's helpful to aid the home user, I think it would be better if home users were "forced" (gently) to learn more about the machines they run at home.
Attitudes of "I have nothing important to steal", "I'm just a home user", etc. are the reason that machines remain unpatched and lack anti-virus software.
In my opinion, I think power should be returned to the user to be more proactive about their activities online. Our society has accepted that someone else will "do it all for us" and that there is a "be-all, end-all" solution for everything. Events within North American society (obesity, rising car usage, less interaction with neighbours, less community interaction, etc.) suggest this will continue. Computer manufacturers, Microsoft in particular, is encouraging the user to be more "stupid" about their machines and less interested in learning even a little about how they work.
August 19th, 2003, 03:12 PM
Hopefuly we can still turn off auto update. most patches from MS I have applied have broken something, includeing this RPC patch.
Who is more trustworthy then all of the gurus or Buddha’s?
August 19th, 2003, 10:21 PM
I am all in favour of life being made easy for the "home User"........but this looks more likely to be Microsoft trying to make life easy for their support people?
Apart from the very good objections already raised in this thread, these routines tend to cut in when you are busy doing something else, and are quite likely to cause them to crash. At least on low end systems.
Another thing, not everyone has superfast broadband connections or free internet connection, so they may want to time updates carefully? Over here (England) there is also the problem of excess traffic on Telcos/ISPs when school is out. You can't expect a download to last more than 45 minutes some days . I prefer to do that sort of thing late at night, when the rates are lower and most of the younger users are in bed.
I have also noticed in the past that a number of large windows updates relate to things that I don't use.......................so I wouldn't want them anyway?
Just a couple of thoughts.............