Re: patch management policy/practice

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 03/12/03 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Wed, 12 Mar 2003 07:27:23 -0500

I tend to disagree. Installing patches is certainly a headache. But as the
other poster mentioned, there have been 6 patches released this year. If
your company and home were running Linux on their workstations, it would be
at least 6 if not more... and the problem gets worse if you allow your
corporate users to run RedHat 8.0 and 7.3 and 7.2 and SuSE and Debian etc.
etc.

There are a variety of ways to get updates easily, from visiting
www.windowsupdate.com once a week to SUS update services and other similar
Microsoft update services built into Windows XP etc., free HFNETCHK to
confirm that updates are installed, etc. We've had success rolling out
patches also via the login script and the AT command as well. It seems to
me that the larger problem is that too many people don't even bother to lift
a finger to pursue getting free updates, installing free antivirus, the
basic things you know you need to spend a few minutes doing to keep secure.
[And also too many companies and government entities etc. that don't have a
clear policy mandating when and how patches are installed.] Installing
www.grisoft.com antivirus or any of the free firewalls out there is a snap,
but still so many people don't do it. IMHO, no matter how easy you make
this stuff, people won't do it.

"Activated" <activated@attbi.com> wrote in message
news:OPHnbJC6CHA.2156@TK2MSFTNGP12.phx.gbl...
> I can't resist saying a little about this large question.
>
> The real issue regarding patches and service packs and Microsoft is that
it
> is barely manageable. The frequency of updates that are said to be
> "critical", and the complexity of applying the updates have led most
larger
> companies with a very large headache. Microsoft is not to blame for
hackers
> and the ante that is raised by them, but it IS responsible for the
> architecture for applying changes, and the relative weakness the software
> has shown over time to have in regard to the "holes" discovered. Since
the
> software is mission critical, and really, since Microsoft is a major game
in
> regard to infrastructure, we customers are wholly dependent on, and need
> Microsoft to "fix" the mess. It may not be easy to fix, it may require a
> massive rearchitecting of the products, but at present, and in reality,
the
> cycle of hole-hack-discovery-fix-patch creation/posting-updating is the
> single most taxing byproduct of buying and using Microsoft products.
> Microsoft makes it worse also by allowing marketing to make make name
> changes too often, and to bring even more confusion to the product trees
> which are dynamically in flux in regard to patches and updates.
>
> To be fair, all products are undergoing this kind of flux, but Microsoft
> with its breadth of product, and the problems noted regarding dates, and
> packages and application of them, brings a very difficult situation to
> corporations, and even worse for the casual home users, and small home
> offices. Really, the SoHo are on their own by and large. A cottage
> industry has sprouted around them, but most often they are running with
old
> software, non-patched, and open to all levels of risk and destruction.

Relevant Pages

  • Re: SVChost.exe 99% CPU Usage with SP3 installed
    ... I've installed Windows XP SP3 on many computers to date (I am in an IT ... SP3 has installed on all of them through automatic updates ... I've spent many mornings in crisis mode because a Microsoft ... If the OP had had a quick scout in the "real world" before installing SP3, ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Microsoft need to be held accountable!
    ... I believe they really are doing the best they can at Microsoft. ... It would help however if people started to skip any driver updates from MS ... and would be more careful installing any updates by not blindly doing so as ... system affected the same way by this weeks security updates, ...
    (microsoft.public.windowsupdate)
  • Re: patch management policy/practice
    ... Installing patches is certainly a headache. ... There are a variety of ways to get updates easily, ... Microsoft update services built into Windows XP etc., ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Latest Windows Update
    ... > In fact, I also had a problem installing KB902400, but not yet any issues at ... > Should third party products "work nicely" with the Microsoft Operating ... > and close all applications prior to installing the updates. ...
    (microsoft.public.windowsupdate)
  • RE: update failure
    ... I must have missed seeing an error code, all i saw was it telling me it was ... They tried to get me to believe that it was anything but a Microsoft Problem. ... updates were installing just fine with all firewalls etc switched ON. ... I then started downloading these updates manually one by one and installing ...
    (microsoft.public.windowsupdate)