Admins... Microsoft Auto-update.....
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Admins... Microsoft Auto-update.....

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    Admins... Microsoft Auto-update.....

    At the top of the page leading to here is a very interesting piece of information which should mean that there is very little excuse for admins to not automatically patch public servers in the near future. I for one see this as a huge benefit......

    And, we will provide rollback capability for all patches, so you can roll them out and roll them back if there is an application incompatibility or something unanticipated
    How many of you will reconsider auto-update when this rollback ability proves functional?

    What would you say if M$ began shipping products with auto-update turned on?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    <quote>
    What would you say if M$ began shipping products with auto-update turned on?
    </quote>

    I would be very happy.

    For the time I would spend fixing little issues it causes at work It would more than half the number of updates I need to do for friends/family/co-workers at night.

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Tiger Shark,

    For home users, SOHO, and small businesses it sounds like a good idea, given the amount of grief caused my malware spreading via unpatched machines lately.

    Larger organisations will not want to know, because they have the resource to tackle the issue in a more traditional manner, and are much more cautious (generally because they are more dependent on their systems).

    For example, I cannot see it being acceptable in the Defence and Financial sectors?

    I think we have to wait and see how reliable the patches are?

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Member
    Join Date
    Oct 2003
    Posts
    93
    Originally posted here by nihil
    Hi Tiger Shark,

    Larger organisations will not want to know, because they have the resource to tackle the issue in a more traditional manner, and are much more cautious (generally because they are more dependent on their systems).

    Cheers
    Now this did make me laugh. As I work for a "larger organisation". I am the resource to tackle the patching problem, simply because I was silly enought to alert management to the possible problem. And caution can be made into an art form.

    Yes, you are right about finance and defence organisations probably being less overjoyed at the prospect - but one would hope they also have a much more rigorous approach to software updates anyway.

    From my position, I would love updates to be automatic, particularly if rollback is relatively simple. It would have saved me a lot of work over the last couple of months. If we can only work out how to update everyone to achieve this ....

    One of my concerns would be the potential to spread an infection via auto-update technology. It would spread a virus very quickly if it could be done.

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    106
    i am in agreement with most people here, it would be a good thing for the general user, who most of them have never even been to windows update.

    BUT

    One of my concerns would be the potential to spread an infection via auto-update technology. It would spread a virus very quickly if it could be done.
    as schrodinger mentioned, if it could be done, that would be a concern definitely.

    as for large corps...they could mitigate this concern by setting up their own SUS server(s).
    just making some minor adjustments to your system....

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    You can already roll back MS patches without issue. Control panel- add/remove software. Every patch is listed there and the files that were replaced are stored in hidden directories under the winnt directory.

    I wouldn't mind auto-update being enabled by default. For my mission critical systems I would just make sure to turn that off as I would not want the system to update without being able to test the patches in a lab environment first.

    Also, as it is usually the case that a configuration change can prevent exploitation of a bug, I prefer to make configuration changes before I would install a patch.

  7. #7
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Although I am a fan of any kind of AutoUpdate for home users (friends of mine dont download the patches at all and wonder why their systems are riddled with viruses) I cant wait to see the guy who is wondering why his 56k modem is so slow because of a huge service pack downloading in the background. If MS could make the patches smaller then I could see this really being a good thing. My friends mostly do not download Antivirus and MS updates because they are big and "take too long to download."
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    mohaughn: there are a number of updates that cannot be removed in that way. MDAC comes to mind as one.

    from the point of view of a larg operation with a lot of ustom com objects this is a very bad idea I haven't installed a MS patch that didn't break one of our objects. but we allready block ms auto update at the firewall so I am not to concerend if they turn it on by default
    Who is more trustworthy then all of the gurus or Buddha’s?

  9. #9
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121
    Well, I work in the security business (Alarm Monitoring Station) and the use of the suto update would never fly with us. We have way to much riding for the remark "if there is an application incompatibility or something unanticipated". Downtime is not an option here. If we have down time, houses, churches, businesses get robbed, pilaged, burned to the ground.

    Our systems rely on about 3 clustered auto back-up SQL systems, 50 windows workstations, and several other systems and recievers for the alarms. If these systems start failing, because of an auto-update gone bad, were in some deep ****. Especially with all the specialized software we run.


    On more of a personal level, I don't always just slap the updates on my personal machines either. I wait for a while, back up all my databases and web designs, files, etc and then reluctantly cringe when hitting the update button.

    Just me I guess.

  10. #10
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    IMHO it all comes down to what type of system you are patching.

    As bballad & xmaddness noted, an automatic update could screw a corporate or small business system, so there is no way you would apply any updates without testing them first. Well, I certainly wouldn't recommend it to anyone.

    However, when it comes to your bog standard home system, I have yet to see an MS update that does any damage. Not all the MS patches work of course , but at least they don't damage the end users system.

    There is a problem with big MS updates, so why doesn't MS pop up a warning box saying this update will take xx mins to install (on a 56k modem which they should know you are using) - go & have a cup of coffee ??

    At the moment, working in my unofficial sysadmin role for friends & family, I recommend they check manually once a week, make a note of the estimated download time for critical updates, add 50% (!!), and come back when it is finished. AV updates are not so bad, as these tend to be optimised for dial up anyway.

    I always leave them with a check list of what to do & how often to do it, with the option of emailing me if they are unsure.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides