Full Disclosure mailing list archives

RE: Automating patch deployment


From: David Vincent <david.vincent () mightyoaks com>
Date: Wed, 6 Aug 2003 09:12:07 -0700

The good thing about SUS is that you can set it up to not 
push out the packages until you approve them.  The SUS box 
downloads all the critical updates and then they sit in queue 
until you tell them it's ok to push them out.  I think that's 
the best way to handle the situation.  Sure it creates a 
little admin work, but I think the advantage is clear.  

The bad thing about SUS is that it uses Windows Update technology
which means it can be incorrect when determining if a box needs a
patch.  This means you can *look* like you're patched when you're not.

To me, that is unacceptable behavior.

c'mon folks.

if you rely on only one tool to make sure you're patched you deserve what
you get.  security is like an onion - layers upon layers!

-d

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

