Re: Dear Microsoft... Rebooting servers id NOT security..
From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 05/28/05
- Previous message: Karl Levinson, mvp: "Re: Advice request: Backdoor hack on Windows Small Business Server 200"
- In reply to: Duse: "Dear Microsoft... Rebooting servers id NOT security.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 28 May 2005 09:30:12 -0400
Microsoft claims that with Windows 2003, far fewer patches require reboots.
Their number was around 80% fewer, I think. I haven't checked to confirm
this. Additionally, many patches that are critical for other OSes are not
critical for Windows 2003, as the vulnerabilities are mitigated by default
settings. If the patch isn't critical, you may be able to wait a month or
several to install it, depending on the details.
Microsoft is also working on hot patching technology to replace running
executables without rebooting. However, if you have to patch your web
server software, you're probably going to have to cause some sort of
downtime by stopping the web server service, whether you're talking Windows
or *nix. Having said all that, I'm sure it is frustrating if a patch for
something unrelated like RPC / DCOM forces you to reboot and lose your
unrelated web services, and many Microsoft customers have always hated that
MS forces you to install IE and Outlook on Windows servers and force you to
install patches nearly monthly. I think they may finally be listening to
the customers and fixing this as well, I don't know.
Most people that can't tolerate 5 minutes of downtime during a reboot 1) use
clustered servers for fault tolerance, because 2) they can't tolerate even
30 seconds of downtime that would be caused by stopping the web service on
Windows or *nix. There are large well known commercial web sites that run
in large Windows clusters in data centers.
"Duse" <dude@soft.com> wrote in message
news:Oyxg33XXFHA.2684@TK2MSFTNGP09.phx.gbl...
> The recent rend for critical patches for win 2003 to require rebooting the
> server is USELESS!!!
>
> Win 2003 is a SEVER, it cannot be continually rebooted and offer any
Server
> level to its users.
>
> Additionally the fact that only a partial installation occures ( which
> leaves the server in a unstable state) is also USELESS...
>
> FYI: server are NOT workstations and do not have people sitting at them to
> monitor and react to your auto updates and installs..
>
> Is this truely what you think improving security is....
>
> Unhappy..
>
>
>
- Previous message: Karl Levinson, mvp: "Re: Advice request: Backdoor hack on Windows Small Business Server 200"
- In reply to: Duse: "Dear Microsoft... Rebooting servers id NOT security.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
