REQUIRED Windows Patches?
Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: REQUIRED Windows Patches?

  1. #1
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852

    REQUIRED Windows Patches?

    Hey guys,

    I just read this story, which I find absolutely ridiculous - I'd like to see what everyone else thinks about it:

    The next version of Windows, which analysts expect to be completed in late 2004, could be the first to let the Auto Update feature download patches from Microsoft without requiring the user's explicit approval.
    Story found here: http://story.news.yahoo.com/news?tmp...1579_2003aug18


    I believe that a user should stay updated with patches and such, but I firmly disagree with automatic updates by default. I need to be able to use download and install the patches myself - that way if something breaks, I know where to begin looking to find the culprit. I DO NOT want Microsoft doing all this for me while I'm away from my machine. This is absurd...

    It's almost like a mechanic coming and picking up my car from work (without my knowledge), fixing (or breaking something else), then returning it to me. Yea, maybe he fixed the problem, but I would have liked to have known he was coming and what he was going to do - what if I get my car back, problem one is fixed but now all of the sudden I have problem two with no explanation.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    More importantly, what if their site is compromised?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by MsMittens
    More importantly, what if their site is compromised?

    Good point MsMittens, I hadn't even thought about that aspect of it. But you are right, if the update site was compromised, then what? It makes this issue even more ridiculous...

    I can understand MS's eagerness to deliever patches to Windows machines, but this is NOT the way to go. Patch management is a reality that users are just going to have to get used to - I don't think that security could ever be improved to the point where a piece of software is 100% secure out of the box, so there will always be patches and updates. But in the end, the user needs to be in control of those updates - not MS.

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I honestly don't think it will ever be out of the users control. The fact of the matter is that M$'s updates have a very long and proven history of hosing up servers under certain conditions, and I don't expect this to magically change. IMHO, this alone would be a show stopper if M$ decided to make the updates without input from the user...

    IMHO, my input would then change to ... linux.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    The last thing any Windows sysadmin is going to want is an OS which patches itself automatically.

    When running production machines (Workstations as well as servers, but mainly servers), it is *vital* to test any change of software, no matter how insignificant, in a staging environment.

    If Microsoft made it automatically update without asking for confirmation, applications could break at the weekend, while the sysadmin was on holiday, etc, and remain broken until someone noticed.

    It's happened numerous times - some M$ patch killing your most important application. M$ have a long history of releasing broken patches that make things worse.

    This is why any prudent sysadmin wants to test *any* patch - no matter how insignificant - first.

    Of course production web / email servers would not normally have enough network access to obtain the patches anyway - as any prudent network admin will put them in a DMZ where egress is forbidden.

    Slarty

  6. #6
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    90% of the machines I have de-Blasted this week Had NO Patches installed.. .. xp machines pre Sept 2002.. no Sp1.. Perhaps Autoupdate on by default BUT selectable.. We have to account for the average ID-ten-T here..
    Windaz updates?.. I have a Virus program!
    most home users don't want to think about these sorts of problems.. they just want their computer to do a task..
    Using acomputer when you are extreemly security concious is like driving a Car.. and having to manually feed the fuel into the Carbie, open the thermostat when the coolant is to hot, and swithc the Alternater charge o/p on and off to prevent battery overcharging.. You wouldn't consider that while driving a car.. it is the same with Home PC users and computer security..

    I don't like the Idea of mandatory Updates, I would prefer to test on a non-production machine B4 mass installation..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    I think you might have miss-interpreted this article and what MS are trying to do.

    They are aiming for home users with this, and are saying that if you go for a default instal, then MS will automatically install patches, and turn the XP firewall on, which in my view is a good idea for your average home user. Which is not the same thing as saying you can't change this setting if you have some IT expertise.

    For a corporate user running e.g. Win 2K/XP or 2003 you will be able to stop automatic updates happening very easily - if not fire your Sysadmin.

    I also doubt that the windowsupdate site (the real one) will get compromised - sure it might get taken offline by a DDoS attack, but that isn't quite the same thing, is it?

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Darkes,

    I'd disagree. Anyone can be compromised. It is a question of a) how often and b) how public they make it. Microsoft itself hasn't kept it's own servers up-to-date and it got hit by the Sapphire worm last year. While it's helpful to aid the home user, I think it would be better if home users were "forced" (gently) to learn more about the machines they run at home.

    Attitudes of "I have nothing important to steal", "I'm just a home user", etc. are the reason that machines remain unpatched and lack anti-virus software.

    In my opinion, I think power should be returned to the user to be more proactive about their activities online. Our society has accepted that someone else will "do it all for us" and that there is a "be-all, end-all" solution for everything. Events within North American society (obesity, rising car usage, less interaction with neighbours, less community interaction, etc.) suggest this will continue. Computer manufacturers, Microsoft in particular, is encouraging the user to be more "stupid" about their machines and less interested in learning even a little about how they work.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Hopefuly we can still turn off auto update. most patches from MS I have applied have broken something, includeing this RPC patch.
    Who is more trustworthy then all of the gurus or Buddha’s?

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    I am all in favour of life being made easy for the "home User"........but this looks more likely to be Microsoft trying to make life easy for their support people?

    Apart from the very good objections already raised in this thread, these routines tend to cut in when you are busy doing something else, and are quite likely to cause them to crash. At least on low end systems.

    Another thing, not everyone has superfast broadband connections or free internet connection, so they may want to time updates carefully? Over here (England) there is also the problem of excess traffic on Telcos/ISPs when school is out. You can't expect a download to last more than 45 minutes some days . I prefer to do that sort of thing late at night, when the rates are lower and most of the younger users are in bed.

    I have also noticed in the past that a number of large windows updates relate to things that I don't use.......................so I wouldn't want them anyway?

    Just a couple of thoughts.............

    Cheers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •