Security Incidents mailing list archives
RE: Microsoft's Early Xmas Present.
From: "Cloppert, Michael" <Michael.Cloppert () 53 com>
Date: Thu, 3 Jan 2002 08:56:31 -0500
<snip>
normal people to keep up on patches is. I'm starting to think more and more that a 3-month expiration date on Windows is a good idea. If you haven't patched in 3 months, then your machine will refuse to do anything but download patches...

I second that idea. I don't think it will be implemented however, unless the installer allows for that. Then again, I don't like my machines updating themselves without my permission. (Yeah, I'm the geek that knows what I'm doing and keeps stuff patched on my servers. Thankfully I'm not the LAN admin, but I usually get to fix infected machines before the LAN admins can get to figure out that they are infected by a worm that yesterday's antivirus patch won't fix).

One thing that irritates me is the notion that "the patch has been out for x months and companies should be patched." Keep in mind that MANY MANY companies have custom software, or older software, that they rely on for business critical applications, which are occasionally incompatible with MS patches. Sure, these companies COULD buy the latest and greatest at a price tag potentially in the tens of millions of dollars range... but if it's custom software one could still run into this problem a few months down the line.

Not only that, but in larger environments patching isn't simply a matter of slapping an executable on a machine and running it. On mission-critical servers, this must be tested extensively before rolling out. Each and every service that runs on some servers needs to be verified before DLL and kernel changes are made, otherwise VERY costly downtime could result. If MS ever wants to be taken seriously in the server market, they need to understand these problems and write code that's not going to require constant babysitting in the form of patches every few weeks.

Should admins be diligent in patching? Absolutely. Laziness is really the only reason for not working on patches. However, keep in mind that while a shop with 20 servers can be patched carefully in a week or less, a shop with 300 can take significantly more time.

Mike Cloppert

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com