Slashdot Mirror


The Costs of Patching

prestidigital writes "vnunet has a brief but interesting article in which Craig Fiebig, general manager of Microsoft's security business unit, is quoted as saying "In dollar terms, patching is the most expensive security measure and keeping your antivirus descriptions up to date is the least." That seems like an important statement coming from a company whose patches are possibly responsible for 45% of traffic on some networks."

3 of 303 comments

  1. Patching most expensive by jonfelder · Score: 3, Interesting
    Well...patching is also one the most important things you can do with regards to security. So at least in this case the expense is justified. Although patching is annoying, until people learn how to write perfect code it is a necessity.

    IMHO getting hacked is much more expensive.

  2. Say it ain't so! by RealAlaskan · Score: 5, Interesting
    apt-get update
    apt-get upgrade

    That's what I do, and I'm not sure what all the fuss is about. Things get fixed, usually before I ever knew they were broken, daemons get restarted, nothing gets interrupted, life goes on ... If I took the trouble to make it a cron job, I'd never even know.

    ... Craig Fiebig, ... is quoted as saying "In dollar terms, patching is the most expensive security measure ...

    Is Mr Fiebig telling us that things don't go so smoothly if you use MS products? Or that MS can't keep up with a bunch of amateurs? Do MS patches break non-MS apps? Could all this be why so many worms and viruses manage to spread across unpatched MS products? Could it be that MS patches are as bad as the bugs they fix? SAY IT AIN'T SO, CRAIG!

  3. Question? by Billly Gates · Score: 4, Interesting
    C/C++ functions like strngcopy have been known to be a cause of overflows for decades.

    Bell Labs (now Lucent) and various hackers have made string functions that do the same thing but are buffer safe. They are made to create more secure apps.

    My question is if gcc or Visual C for that matter switched to more buffer safe libraries would it make a difference? Trusted Debian is compiled with buffer safe string functions.

    It may be time GNU C did this by default assuming all the apps could be recompiled without a problem.

    This would seem to get rid of 90% of holes in user as well as kernel space.
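The "buffer safe" replacement this comment asks about, shown as an added example that is not from the thread, Trusted Debian or any Bell Labs library: a small bounded copy in the strlcpy() style, beside the strcpy() behaviour it replaces. The function name bounded_copy, the copy_into_field wrapper and the 8-byte field are assumptions made for the illustration.

```c
/* Added example (not from the thread or any named project): a minimal
 * bounds-checked string copy, written here to show what "buffer safe"
 * string functions do differently from strcpy(). It follows the
 * strlcpy() convention: always NUL-terminates, never writes past
 * dstsize, and returns strlen(src) so the caller can detect truncation. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst[dstsize]. Returns the length of src; a return value
 * >= dstsize means the copy was truncated (the input did not fit). */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize == 0)
        return srclen;                 /* nothing can be written safely */
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';                     /* terminator always present */
    return srclen;
}

/* Typical fixed-size receiver: an 8-byte field filled from untrusted
 * input. strcpy(field, input) would write past the buffer for any
 * input longer than 7 characters; bounded_copy() cuts it at 7 and
 * reports the truncation instead. Returns 1 if truncated, 0 if it fit. */
int copy_into_field(char field[8], const char *input)
{
    size_t len = bounded_copy(field, input, 8);
    return len >= 8;
}

int main(void)
{
    char field[8];
    const char *ok = "short";                       /* constructed input */
    const char *too_long = "this-is-far-too-long";  /* constructed input */

    printf("%-22s truncated=%d field=\"%s\"\n", ok,
           copy_into_field(field, ok), field);
    printf("%-22s truncated=%d field=\"%s\"\n", too_long,
           copy_into_field(field, too_long), field);
    return 0;
}
```

The truncation flag is the point: a bounded copy only helps if the caller checks it, otherwise silently shortened input becomes the next bug.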