Experts question Windows patch policy
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Experts question Windows patch policy

  1. #1
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583

    Experts question Windows patch policy

    Microsoft will release a series of security patches after midnight tonight in line with its new policy of releasing patches on a monthly schedule.
    I think they should release the patch as soon as the exploit is found out instead of waiting for other holes to be found or when it is the time of the month to release them.

    http://zdnet.com.com/2100-1105_2-5105454.html

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499
    Agreed.

    I also think that Bill Gates should be put over my Grans knee and hit with a belt .

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I 2nd that. Isn't this why MS is so big on not having "Full Disclosure" of vulnerabilities, exploits, PoC, etc. and why Symantec took over the BugTraq list? So that the vulnerabilities found could be controlled on their release and such?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    It seems th at everything is revolving aroundmoney and control now on day. Shame on them

  5. #5
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    That is what it seems to be happening MsMittens. I believe that Microsoft and Symantec should follow the same game plan as soon a new virus definition or a patch for vulnerabilities is made it should be released to the public. the quicker people patch their systems the less impact the virus or Vulnerable their systems will be.

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Unfortunately their argument is that once the vulnerability is found and announced, then *EVERYONE* knows including the "Bad Guys". Even if MS or Symantec or any company releases the patch, it's still up to the admin/user to install it. And that's where things tend to fall down.

    the quicker people patch their systems the less impact the virus or Vulnerable their systems will be.
    Very true but reality dictates otherwise. People rarely look for updates, barely understand how their computers work and really don't care either way. They just want it to work. "Tell me which button to press so I can access the Internet. I shut off the AV software because it was slowing my machine down".

    Perhaps they should be less worried about hiding the vulnerabilities and more concerned about how to educate users. Credit to MS for at least attempting it with some large page ads encouraging users to at least turn on XP firewall (doesn't deal with all those using 98 however)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    True I have worked with people who just want their computer to work but at the same time I also tell them that they need to keep the O.S updated with the latest security fixes and antivirus definitions or else they take a risk of their system being compromised or worse.
    I think it would be better if computer makers and microsoft would make a cd/Dvd showing the users what they need to do to make their system more secure by using a step by step method such as what is a firewall and how does it work Etc and antivirus companies should do the same for their users

  8. #8
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295
    All,

    The problem of course with having Microsoft release patches as soon as a new bug becomes known, is the constant stream of patches that system administrators have to apply to systems.

    Can you expect your granny to run her Auto-Update every day/week to make sure her PC is safe from the next Microsoft critical security flaw? This of course includes the loading of those patches that stop your system from working ...

    I don't want to go into M$ bashing, but due to the large spread of Windows, it is the main target for exploits, and since it offers many exploits, it is constantly being patched.

    Any system administrator of a slight big company knows the nightmare of making sure all PCs are patched (desktops, laptops, laptops of the people who have been travelling for a month and missed all the updates, ....).

    M$ was in the "release patch constantly" mode, but criticised for it, and now they will be criticised for the "release a limited number of patches at regular intervals". Too bad for them, they can't win ;-)

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  9. #9
    Banned
    Join Date
    Sep 2002
    Posts
    222
    "Can you expect our granny to fun her Auto-Update"

    Dude... that's the whole deal with auto-update. You don't have to run it, it runs itself automatically, hehe.

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    It would be really cool if after installing you could update and not have the updater tell you half the patches failed (did they really fail? or is it false like the original msbaseline security program) , Its pretty sad and a good thing i only use win for games cause i am way to lazy to go through and manually redo the 12 or so failed patches on my install. Especially after having to beg a microsoft employeee for a new reg code. I think he was a little confused when i told him next time i will use a cracked copy to avoid the hassle phoning him again. But in the end maxpayne2 and black box for windows made it almost worthwhile. I will take a cvsup and buildworld (BSD) any day over the broken and retarded win update and treat your customers like thieves company. (sorry for the microbitch but updater pisses me off)
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •