November 11th, 2003, 03:43 PM
Experts question Windows patch policy
I think they should release the patch as soon as the exploit is found out instead of waiting for other holes to be found or when it is the time of the month to release them.
Microsoft will release a series of security patches after midnight tonight in line with its new policy of releasing patches on a monthly schedule.
November 11th, 2003, 03:51 PM
I also think that Bill Gates should be put over my Gran's knee and hit with a belt.
November 11th, 2003, 04:02 PM
I 2nd that. Isn't this why MS is so big on not having "Full Disclosure" of vulnerabilities, exploits, PoC, etc. and why Symantec took over the BugTraq list? So that the vulnerabilities found could be controlled on their release and such?
November 11th, 2003, 04:51 PM
It seems that everything is revolving around money and control nowadays. Shame on them.
November 12th, 2003, 03:19 PM
That is what seems to be happening, MsMittens. I believe that Microsoft and Symantec should follow the same game plan: as soon as a new virus definition or a patch for vulnerabilities is made, it should be released to the public. The quicker people patch their systems, the less impact the virus will have or the less vulnerable their systems will be.
November 12th, 2003, 03:24 PM
Unfortunately their argument is that once the vulnerability is found and announced, then *EVERYONE* knows including the "Bad Guys". Even if MS or Symantec or any company releases the patch, it's still up to the admin/user to install it. And that's where things tend to fall down.
Very true but reality dictates otherwise. People rarely look for updates, barely understand how their computers work and really don't care either way. They just want it to work. "Tell me which button to press so I can access the Internet. I shut off the AV software because it was slowing my machine down".
The quicker people patch their systems, the less impact the virus will have or the less vulnerable their systems will be.
Perhaps they should be less worried about hiding the vulnerabilities and more concerned about how to educate users. Credit to MS for at least attempting it with some large page ads encouraging users to at least turn on XP firewall (doesn't deal with all those using 98, however).
November 12th, 2003, 03:38 PM
True, I have worked with people who just want their computer to work, but at the same time I also tell them that they need to keep the O.S. updated with the latest security fixes and antivirus definitions, or else they take a risk of their system being compromised or worse.
I think it would be better if computer makers and Microsoft would make a CD/DVD showing the users what they need to do to make their system more secure by using a step-by-step method, such as what is a firewall and how does it work, etc., and antivirus companies should do the same for their users.
November 12th, 2003, 03:52 PM
The problem of course with having Microsoft release patches as soon as a new bug becomes known, is the constant stream of patches that system administrators have to apply to systems.
Can you expect your granny to run her Auto-Update every day/week to make sure her PC is safe from the next Microsoft critical security flaw? This of course includes the loading of those patches that stop your system from working ...
I don't want to go into M$ bashing, but due to the large spread of Windows, it is the main target for exploits, and since it offers many exploits, it is constantly being patched.
Any system administrator of a slightly big company knows the nightmare of making sure all PCs are patched (desktops, laptops, laptops of the people who have been travelling for a month and missed all the updates, ....).
M$ was in the "release patch constantly" mode, but criticised for it, and now they will be criticised for the "release a limited number of patches at regular intervals". Too bad for them, they can't win ;-)
"To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule
November 12th, 2003, 07:17 PM
"Can you expect our granny to fun her Auto-Update"
Dude... that's the whole deal with auto-update. You don't have to run it, it runs itself automatically, hehe.
November 12th, 2003, 09:20 PM
It would be really cool if after installing you could update and not have the updater tell you half the patches failed (did they really fail, or is it false like the original msbaseline security program?). It's pretty sad, and a good thing I only use Win for games, because I am way too lazy to go through and manually redo the 12 or so failed patches on my install. Especially after having to beg a Microsoft employee for a new reg code. I think he was a little confused when I told him next time I will use a cracked copy to avoid the hassle of phoning him again. But in the end maxpayne2 and black box for Windows made it almost worthwhile. I will take a cvsup and buildworld (BSD) any day over the broken and retarded win update and treat-your-customers-like-thieves company. (Sorry for the microbitch, but updater pisses me off.)
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots