The Costs of Patching

prestidigital writes "vnunet has a brief but interesting article in which Craig Fiebig, general manager of Microsoft's security business unit, is quoted as saying "In dollar terms, patching is the most expensive security measures and keeping your antivirus descriptions up to date is the least." That seems like an important statement coming from a company who's patches are possibly responsible for 45% of traffic on some networks."

Microsoft's fault

[DonkeyJimmy]

It's their damn fault. When I decide to accept the stupid auto-update "critical" patches to Windows, it's usually less then 10 days before I have to do it again. Maybe if they didn't release software a year before it's ready it wouldn't be so bad.

Re:Microsoft's fault

[AndroidCat]

How is the parent a troll? I always hated installing a new version of Visual C++ (hot off the press from MS) because I knew that I would immediately have to download 80M+ patches. (And another set a few weeks later.) And then there's the issue making sure each developer's machine has the same set of patches. (And don't get me going about mismatched "system" DLLs at client sites.)

Re:Cost of not patching?

[pmz]

The difficult question is whether the costs of patching outweigh the costs of NOT patching.

The lowest cost method of patching Windows is to use the special one-time CD-ROM distributions available out there that fix Windows once and for all. I can recommend several brands: Slackware Disk 1, Red Hat Disk 1, Solaris Install Disk 1, and OpenBSD Disk 1. There are other very good ones, as well, but they all have about the same level of Windows-patch elimination power.