RE: WSUS/Reboot
From: David LeBlanc (dleblanc_at_mindspring.com)
Date: 06/25/05
- Previous message: Kern, Tom: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- In reply to: Martin Mewes: "Re: WSUS/Reboot"
- Next in thread: Susan Bradley: "Re: WSUS/Reboot"
- Reply: Susan Bradley: "Re: WSUS/Reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Martin Mewes'" <mm@mewes.tv>, <focus-ms@securityfocus.com> Date: Sat, 25 Jun 2005 14:52:45 -0700
> Did someone ever tell Microsoft that they should have a look
> on unixoid systems. The only scenario a unixoid box _must_ be
> rebooted is, when the kernel has been patched or the main
> glibc must be changed for some reasons. But even the latter
> does not mean to always you need to reboot the system.
Reducing reboots is something that I know is a priority for Microsoft, and
you're right - having systems rebooting all the time is a problem, even if
they're just desktops. I think you'll see improvement on this over time, and
one of the new features of WSUS I notice is immediate application of patches
that don't need reboots.
However, they way that you get this system uptime on most *nix systems is to
drop the service in question, apply patches and restart the service. IMHO,
if the system's job is to provide that service, there is only a little
difference between bouncing the service and bouncing the box. If you take
the same approach on a Windows server, you will often find that you get
similar gains. For example, back when there were enough IIS patches to worry
about, you could stop the web service and if the patch were applied when
then server wasn't up, it didn't need a reboot. You'd then restart the
service once the patch was applied. Many of the patches only trigger a
reboot if a file that needed to be replaced will only get replaced on
reboot.
IMHO, it would be a good thing if the patch were to do this on it's own, but
in the meantime you can certainly do it yourself.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Kern, Tom: "RE: Using Messenger Service for 'Net Send' Functionality --- Dangerous?Why?"
- In reply to: Martin Mewes: "Re: WSUS/Reboot"
- Next in thread: Susan Bradley: "Re: WSUS/Reboot"
- Reply: Susan Bradley: "Re: WSUS/Reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
