RE: WSUS/Reboot

From: Depp, Dennis M. (deppdm_at_ornl.gov)
Date: 06/27/05

    Date: Mon, 27 Jun 2005 12:25:59 -0400
    To: David LeBlanc <dleblanc@mindspring.com>, Martin Mewes <mm@mewes.tv>, focus-ms@securityfocus.com
    
    

    So why aren't the patches smart enough to stop and restart the necessary
    services? IMHO there is a big difference in bouncing a service and
    bouncing the entire box. For starters there is a big time difference.
    It takes much longer to bounce a box than to bounce a service. During a
    server bounce, there is a much greater chance of something else going
    wrong. Ever have a box reboot with an error "Key board not found, Press
    F1 to continue."?

    Dennis

    -----Original Message-----
    From: David LeBlanc [mailto:dleblanc@mindspring.com]
    Sent: Saturday, June 25, 2005 5:53 PM
    To: 'Martin Mewes'; focus-ms@securityfocus.com
    Subject: RE: WSUS/Reboot

    > Did someone ever tell Microsoft that they should have a look
    > on unixoid systems. The only scenario a unixoid box _must_ be
    > rebooted is, when the kernel has been patched or the main
    > glibc must be changed for some reasons. But even the latter
    > does not mean to always you need to reboot the system.

    Reducing reboots is something that I know is a priority for Microsoft,
    and you're right - having systems rebooting all the time is a problem,
    even if they're just desktops. I think you'll see improvement on this
    over time, and one of the new features of WSUS I notice is immediate
    application of patches that don't need reboots.

    However, the way that you get this system uptime on most *nix systems
    is to drop the service in question, apply patches and restart the
    service. IMHO, if the system's job is to provide that service, there is
    only a little difference between bouncing the service and bouncing the
    box. If you take the same approach on a Windows server, you will often
    find that you get similar gains. For example, back when there were
    enough IIS patches to worry about, you could stop the web service and
    if the patch were applied when the server wasn't up, it didn't need a
    reboot. You'd then restart the service once the patch was applied. Many
    of the patches only trigger a reboot if a file that needed to be
    replaced will only get replaced on reboot.

    IMHO, it would be a good thing if the patch were to do this on its own,
    but in the meantime you can certainly do it yourself.
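
The stop/patch/restart sequence discussed in this thread, as an added PowerShell example that is not part of either message. The service name, package path and installer switches are assumptions to replace with your own; the check compares the Session Manager PendingFileRenameOperations value before and after the install to see whether any file was deferred to the next reboot.

```powershell
# Added illustration, not code from the thread. ServiceName, PatchPath and
# PatchArgs are assumptions; substitute the values for your own package.
function Install-PatchWithServiceBounce {
    param(
        [Parameter(Mandatory)][string]$ServiceName,        # e.g. 'W3SVC' for the IIS web service
        [Parameter(Mandatory)][string]$PatchPath,          # placeholder path to the update package
        [string[]]$PatchArgs = @('/quiet', '/norestart')   # assumed switches; check your package
    )

    # Windows records files that can only be replaced at boot in this value.
    $smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    function Get-PendingRenames {
        $p = Get-ItemProperty -Path $smKey -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
        if ($p) { @($p.PendingFileRenameOperations | Where-Object { $_ }) } else { @() }
    }

    $before     = @(Get-PendingRenames).Count
    $wasRunning = (Get-Service -Name $ServiceName).Status -eq 'Running'

    # Stop the service first so its files are not in use during the install.
    # If the stop fails (for example, dependent services are running), abort
    # before touching anything.
    if ($wasRunning) { Stop-Service -Name $ServiceName -ErrorAction Stop }

    try {
        $proc = Start-Process -FilePath $PatchPath -ArgumentList $PatchArgs -Wait -PassThru
        $exit = $proc.ExitCode
    }
    finally {
        # Bring the service back even if the installer failed.
        if ($wasRunning) { Start-Service -Name $ServiceName }
    }

    $after = @(Get-PendingRenames).Count
    [pscustomobject]@{
        Service           = $ServiceName
        ExitCode          = $exit
        NewPendingRenames = $after - $before
        # 3010 is ERROR_SUCCESS_REBOOT_REQUIRED.
        RebootRequired    = ($exit -eq 3010) -or ($after -gt $before)
    }
}
```

Run it from an elevated session; a result with RebootRequired set to False means the package replaced its files while the service was down and nothing was queued for the next boot.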
