Full Disclosure mailing list archives

RE: Automating patch deployment


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 6 Aug 2003 10:32:46 -0500

-----Original Message-----
From: Bassett, Mark [mailto:mbassett () omaha com] 
Sent: Wednesday, August 06, 2003 9:21 AM
To: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Automating patch deployment


The good thing about SUS is that you can set it up to not 
push out the packages until you approve them.  The SUS box 
downloads all the critical updates and then they sit in queue 
until you tell them it's ok to push them out.  I think that's 
the best way to handle the situation.  Sure it creates a 
little admin work, but I think the advantage is clear.  

The bad thing about SUS is that it uses Windows Update technology which
means it can be incorrect when determining if a box needs a patch.  This
means you can *look* like you're patched when you're not.

To me, that is unacceptable behavior.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

