Slashdot Mirror


Microsoft Plans An Overhaul For Patch System

sckienle writes "ZD-Net has an article about Microsoft's plans to overhaul their patch system. 'Ninety-five percent of attacks happen after a patch for a known software vulnerability has been issued,' says Scott Charney, chief trustworthy computing strategist at Microsoft. Basically, Scott is promoting the idea that Microsoft can do a better job, in many ways, so people will trust and be able to install patches quickly. Microsoft has a transcript of Scott Charney's talk on their site." As reader sweeney37 summarizes, "Microsoft's plan is to reduce the patch installers from eight to two, they want to have one patch installer specifically for the OS side and one specifically for the applications." Sweeney37 points out this InformationWeek article on the planned change.

10 of 402 comments

  1. recent bad patches? by ClickWir · · Score: 5, Insightful

    What about the recent patch that "broke" people's net connections... I don't want something like that automatically applied.

    1. Re:recent bad patches? by Dot.Com.CEO · · Score: 5, Insightful
      You know, I love The Register as any Slashdot user does, but, seriously, it is not "news". The specific article that you are posting is full of "may" and "could". The link to SuSE Linux at the end of the article hardly makes for detached commentary. In fact, had this article been posted in /. it would have been a -1 Troll.

      I think that Microsoft could very well make system updates (i.e. not DRM-related ones) obligatory but I don't think they will. And, seriously, even if they do, what stops you from blocking windowsupdate.microsoft.com at your firewall?

      --
      Mother is the best bet and don't let Satan draw you too fast.
  2. While it's laudable that they're at least trying.. by The Kryptonian · · Score: 5, Insightful

    .. I sincerely doubt that their reputation for releasing patches that break as much as they fix will be affected very much by this move. I think most business users will see it as an attempt to appear as though they're trying to address the issues instead of actually doing anything.

    It's kind of like a balding man with a really bad comb-over. It looks okay from a distance, but it doesn't really fool anyone.

  3. sweet irony by ciroknight · · Score: 5, Insightful

    After I just go through hell with M$'s last patch to fix a security problem... connection problems. That thing took 5 hours to remove and still I see side effects of it (like AIM won't connect and stay connected for long). But hey, that's how they make their killing: tech support. Sadly I'm not (dumb|smart) enough to (write|call) them on this one. Maybe it's time for a patch system that simply removes the files they overwrote and stores the old ones somewhere.... that'd be really nice..

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
  4. Security patches used with political means? by Anonymous Coward · · Score: 5, Insightful

    Hi, a good idea to improve the speed of patch adoption should be not to use patches to sneak in system "enhancements". I use XP for some tasks at home and once I applied one "cumulative security patch for Internet Explorer" I found out Windows was keeping me from watching my region 1 DVDs (I live in Spain). Of course I re-installed Windows and I stopped installing whatever patch and I am trying to move all my desktop needs to Linux; anyway I believe this behavior is shameful if not criminal. I have since advised all my clients to plan an exit-strategy from Microsoft products. The belief from Microsoft they can restrict product features set, after you already bought it, makes it dangerous to "bet" your business on their good faith as they do not have any

  5. Not true at all! by 2nd Post! · · Score: 5, Insightful

    Come on, that's hardly reasonable.

    How is a user supposed to trust a patch being issued by a company that is known to release vulnerable software in the first place?

    Yes, it's not a reasonable standpoint for a user to have, but it's still valid!

    Take this example: My system works. Apple releases Quicktime 6.3, iMovie 3.0.3, iSync 1.1, and Bluetooth 1.2.1 today. You expect me to update all of them?

    Why? Just because? Because there are new features? Because they fix bugs? Because they improve performance? Just because Apple decided to release them?

    But the difference is that I do trust Apple. Having used their OS and system for 2 years, now, I have found that Apple updates don't introduce more problems, do increase functionality, performance, and reliability, so I *will* update just because.

    However, there *are* pieces of software I haven't updated. I haven't updated my base station software, yet, because it works and I don't want to restart it. I haven't updated my iPod software, again for the same. I haven't updated my IE because I don't use it, and have deleted it.

    But I *don't* trust Microsoft. I've been using them for 10 years, and I won't update until there's feedback on whether there are new instabilities, problems, crashes, etc.

    That... and did I mention I don't trust Microsoft?

  6. What's broken by Todd Knarr · · Score: 5, Insightful

    Sorry, Charney, it's not the patch installation software that's the problem. Sure the changes you suggest will make things a lot easier, but their absence isn't why people don't install your patches. The problem is the patches themselves.

    Yes, the patches themselves. People don't install them because they break critical production software which must not be broken. And in some cases those patches can't be backed out without a complete wipe and reinstall of the system, witness the recent VPN protocol "fix". As long as this is the case, people will still not install the patches no matter how easy the installation process is.

    If MS wants to improve their patch process, they need to do a few things:

    1. Ensure that security and critical updates don't break existing software. At the very least, if breakage is necessary the type and extent must be documented in the patch description.
    2. All security-related patches must be separate from functionality upgrades. You can roll security fixes into service packs and upgrade packages, but you must never require the latter to get the former.
    3. All patches must be uninstallable. No exceptions. Not even for security patches. Admins must be confident that any patch can be undone if it absolutely has to be.
    4. Patches must not change license terms. One of the reasons people avoid patches is that they change the license terms to ones they can't accept. No using security fixes as blackmail to foist terms on users that the users wouldn't agree to on their own.
  7. Of course. by Anonymous Coward · · Score: 5, Insightful

    Any time something wrong with Linux is pointed out, you are then reminded that somehow, this is a good thing. Linux is always perfect.

    Not so with MS. They can do no good ever. According to Slashdot, MS has NEVER come out with anything decent. They could compile an exact duplicate of Linus' personal kernel, and somehow, the Zealots would find something wrong.

    It's amazing how MS is slagged as not having an ounce of innovation, what about Linux itself? This is not an OS that was developed independently, with no legacy ties. In fact, it was written to be a substitute for Unix, a copy, a clone. Linux could not exist with Unix.

    This is the thinking of the supplicants who recently touted "Feet of Fury" as innovative.

    Of course, this will be modded down. Contrarian opinions are not tolerated here (the supposed bastion of free thinking). You think Bill is the Borg? You haven't met a Zealot.

  8. Re:It needs a patch: it IS broken by DreamerFi · · Score: 5, Insightful

    There is NO excuse for not patching your software, like there is also no excuse for having security holes in your software.

    To quote Morpheus, "welcome to the real world". What if your choice is between these two:

    1) running software with a security hole, but being able to bill your customers, and

    2) not running software because the patch breaks the application that allows you to bill your customers, thus not making any money and going out of business.

    Unfortunately, sometimes this is a real situation, and not just with Microsoft software.

  9. Re:Automated patches for pirated copies? by Psiren · · Score: 5, Insightful

    That's the biggest load of bullshit I've ever read. If you think Windows is such a bloat-ridden insecure piece of crap, why are you still using it? The truth of the matter is, you can get away with not paying for it, so you will. You're a thief, end of story.