Re: So many Flaws should = Free SMS!

From: Donny M Hayes (donnymhayes_at_earthlink)
Date: 09/11/03 

Date: Wed, 10 Sep 2003 21:48:31 -0500

I think we all understand that the reason MS gets dinged so much is due to
its market share, but that doesn't exuse MS from giving us CUSTOMERS a
reliable patch mgmt method. Having the customer base MS does means it is a
VERY profitable company with HUGE amounts of resources available to it.
Spend some of that money and resources on KEEPING customers.

We are using SUS. It works about 75% of the time. We still have machines
that update for weeks then stop. Sometimes it takes manually restarting the
AUTOUPDATE svc, others it takes restarting the BITS service. Sometimes it
starts working again on its own. And don't even get me started on the
'reporting' functionality of SUS. I hope SUS 2.0 hurries on its way to
production.

I think a lot of us that have always pushed MS in our respective workplaces
are now getting a little exasperated that we spend more time patching
security holes than we do on anything else.
Thats all I'll say on this subject...after spending the last month 3 weeks
doing nothing but trying to make sure we were patched and then getting
todays good news, I had to vent a little.

"Shawn Lewis" <shan.bias@gbrx.com> wrote in message
news:e94aH4%23dDHA.392@TK2MSFTNGP12.phx.gbl...
> Ask and ye shall recieve.
> -----------------------------------
> From microsoft.public.access, Mark Fugatt [MVP]
>
> No I dont think it is a valid request, no software vendor can check their
> software for every possible flaw, the reason we see more of this with
> Microsoft products is not because their software is not tested but because
> it has the largest user base and therefore the bad guys spend more time
and
> effort trying to exploit Microsoft products.
>
> Microsoft has SUS available for free to help you deploy software updates,
> and SMS would require companies to deploy SQL and have the staff in place
to
> administer the SMS system, its not as simple as plugging SMS in and let it
> run.
>
> http://www.microsoft.com/windows2000/windowsupdate/sus/default.asp
>
> --
> Mark Fugatt
> Microsoft Exchange MVP
> www.exchangetrainer.com
> www.msexchange.org
>
>

Relevant Pages

  • Re: So many Flaws should = Free SMS!
    ... No I dont think it is a valid request, no software vendor can check their ... the reason we see more of this with ... Microsoft products is not because their software is not tested but because ... and SMS would require companies to deploy SQL and have the staff in place to ...
    (microsoft.public.security)
  • Re: Updates - what do you trust?
    ... > In general, trust HFNETCHK. ... > patches that were run on your system, whether or not they really were. ... > HFNETCHK checks for a wider variety of Microsoft products like server ... still hasn't come through with SUS. ...
    (microsoft.public.win2000.security)
  • Re: address spaces
    ... whoever has said "microsoft products" are unsafe for this reason is ... But I wouldn't worry about whoever was spouting the drivel you ...
    (microsoft.public.security)
  • Re: VFP 8 and 9
    ... I can't see any reason for waiting. ... the "wait for the service pack" mentality. ... Cindy Winegarden MCSD, Microsoft Visual FoxPro MVP ... > There is always a SP in Microsoft products. ...
    (microsoft.public.fox.programmer.exchange)
  • Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft
    ... > use Microsoft products. ... > more Internet Explorer, Windows, Office, etc. ... > intricate workings of a linux workstation, especially for the reason ...
    (Full-Disclosure)