Re: Microsoft finally acknowledges the security drumbeats

From: Philip J. Koenig (See_email_@ddress_below.This_one_is.invalid)
Date: 01/29/02


From: Philip J. Koenig <See_email_@ddress_below.This_one_is.invalid>
Date: Tue, 29 Jan 2002 13:28:51 -0800

In article <pmvd5u05qmh7b9g4gg63n1q59joet5m4o0@news.dnai.com>, spam@is.invalid
(John R Pierce) writes...
> On Tue, 29 Jan 2002 11:37:13 -0800, Philip J. Koenig
> <See_email_@ddress_below.This_one_is.invalid> wrote:
>
> >Another are the "security rollup" patches. This nonsense of
> >having to wade through piles of poorly-organized junk in
> >order to figure out what to patch, and do every one of them
> >separately (rebooting the #*(%&#*$#$ machine after every one)
> >is ridiculous.
>
> I haven't seen that scenario since the debacle of NT4 post service pack
> fixes when there was a *long* interval between SP4 and SP5/6, and each
> post-sp4 fix was a seperate install.

Well MS has a nasty habit of obfuscating what patches were released
when, playing with the file names and dates, etc.

It was only pretty recently (last last year as I recall) that they
put together this "security rollup" thing for NT, prior to that
any post-SP security patches had to be found/installed separately.

> >Like various other vendors, MS apparently
> >figures if they make it hard to ascertain out how many patches
> >they've released, dummies will be fooled into thinking the OS
> >is more bug-free than it really is. If they are really "getting"
> >it, they will dump this nonsense, and stop doing things like
> >constantly screwing around with file versions and dates to
> >keep people confused, etc.
>
> actually, for win2000 at least, their new 'corporate update' site can
> generate rollups of user selected patches... you decide, ok, I need patch
> X, Y, and Z here, it generates a single executable that installs those 3
> in one pass, this can in turn be mass deployed on a intranet using
> standard corporate software distribution systems such as SMS, Zenworks,
> etc.

Well they've had a "corporate update" site for quite a while (at
least since Win98 came out), I haven't seen the stuff you mention
yet, sounds like a big improvement.

As recently as 3-6 months ago they were still suggesting that
you manually use this separate tool (Qchain) to install multiple
hotfixes at the same time. Quoting from Q296861 ("last reviewed
June 13, 2001"):

> Microsoft has released a command-line tool named QChain.exe
> that gives system administrators the ability to safely chain
> hotfixes together. Hotfix chaining involves installing multiple
> hotfixes without rebooting between each installation. Without
> this tool, the only supported method is to reboot after each
> hotfix installation. The QChain.exe tool has the following
> benefits:
> * It increases uptime for servers because computers are not
> being rebooted between each hotfix installation.
>
> * It allows faster installations of multiple hotfixes on a
> single computer.
>
> * It is a solution that works on both Windows 2000 and Windows
> NT 4.0.

-- 
Philip J. Koenig         The Electric Kahuna Organization       [anti-spammed]
----------------Computers & Communications for the New Millennium-------------
* To send email, remove numbers and spaces:  pjkunet64 @  ekahuna27 . com    *
*           Email Blacklists: stop using innocent users as pawns.            *
* Simple answers are for simple minds.  Try a new way of looking at things.  *



Relevant Pages

  • 9_Recommended error codes (specifically return code 5)
    ... * "return code 2" indicates patches are already installed. ... * "return code 25" means a patches requires another patch that is not yet installed. ... With or without using the save option, the patch installation process ... Installing 114008-01... ...
    (SunManagers)
  • [SLE] CUPS was working, now it isnt
    ... is patched to 2.4.20-100 using the SuSE patch. ... another SuSE 8.2 installation in an old "test" partition on this machine. ... The last time I ran YOU, I couldn't see any new patches available to ...
    (SuSE)
  • Re: security patches vis distribute software wizard
    ... Scan always runs after patch installation. ... > not to display patches in Add/remove programs. ... the SMS report and client logs ...
    (microsoft.public.sms.swdist)
  • Re: MSN Groups and page cannot be displayed
    ... > BBCode in your posts on the forum is determined by the administrator. ... let's backtrack to the patch issue. ... To get patches piecemeal from Windows ... this may be due to respectively different installation ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • [Summary] Patchpro on sol9 cannot download patches - Error, caught No valid download source
    ... remove of an older j2sdk and installation of actual ... Patchpro on sol9 cannot download patches - Error, ... Patch Cluster) with Patch Pro 2.2. ... caught No valid download source.. ...
    (SunManagers)