Slashdot Mirror


Microsoft Plans An Overhaul For Patch System

sckienle writes "ZD-Net has an article about Microsoft's plans to overhaul their patch system. 'Ninety-five percent of attacks happen after a patch for a known software vulnerability has been issued' says Scott Charney, chief trustworthy computing strategist at Microsoft. Basically, Scott is promoting the idea that Microsoft can do a better job, in many ways, so people will trust and be able to install patches quickly. Microsoft has a transcript of Scott Charney's talk on their site." As reader sweeney37 summarizes, "Microsoft's plan is to reduce the patch installers from eight to two, they want to have one patch installer specifically for the OS side and one specifically for the applications." Sweeney37 points out this InformationWeek article on the planned change.

8 of 402 comments

  1. Re:User problem by pla · Score: 5, Interesting

    If you turn off this feature, it's really your own fault that you get hacked.

    I will presume you mean that as a joke.

    You do know Microsoft's history of releasing "updates" that have a high probability of making matters worse than the bugs they claim to fix, right?

    I believe their last proof of this idea occurred... Oh, last week? And who can forget the legendary NT4 "even numbered SP plague"? They should have released 6a as 7, just to keep their f'd up patches consistently named. ;-)

  2. Automated patches for pirated copies? by brogdon · Score: 5, Interesting

    As I read this little blurb, I was thinking to myself that this probably won't help me any, since I have a pirated copy of XP (as do a nontrivial number of other users, I would imagine). My first thought was that Microsoft would require you to have an "activated" and properly registered copy of Windows and/or the MS applications you were running in order to receive the updates.

    But as I thought about it, I realized that not letting the pirates patch their installs of Windows might not be in MS's best interests either. If some worm gets loose, and 98% of registered Windows users are patched, but none of the cracked copies are, the worm will replicate to the 2% of unpatched registered users much faster than if you'd allowed the pirates to receive patches instead of trying to screw them with an insecure version of the OS. That would increase the ultimate number of infected machines and influence whether or not the worm becomes a PR problem.

    I'm not sure what I would do in this situation; I'd probably end up allowing pirated copies to update anyway and just try to capture their IP addresses on the sly in case I could use them later.

    --
    This tagline is umop apisdn.

  3. Interesting patch counts.... by Anonymous Coward · Score: 5, Interesting

    About a year ago at work we had a presentation of why our clients should go with us and part of that presentation involved showing the patch counts between Windows 2K and Redhat 7.x. If I recall correctly those numbers came out to roughly ~1050 patches versus ~350 patches for roughly the same time period (yes all very ROUGH, we like it ROUGH...).

    So I decided to look at the patch counts of some other OSes just to make things look silly in comparison.

    First up, my favorite... OpenBSD! On average for all releases excluding the current ones (3.3 and 3.2), the average patch count is... (note that for 2.2 to 2.6 I doubled the count because at that time they were only supported for 6 months not 1 year like post 2.6 releases were, thus the patch counts rose this isn't really all that fair but as you'll see it doesn't REALLY matter):

    32 patches per release. Which is about fair when compared to Red Hat since they also only patch for a year (yes yes yes, you aren't getting patches for all this other software that you'd use out of ports but hey Microsoft isn't providing many patches for other people's products if at all)

    Now let's do VMS (this is scary...)...

    A look through Bugtraq archives starting in 1997 the average count over the past 6 years has been 4 patches per year. But hey when you've been around the same evolving codebase for 20 years you're bound to hit that point of diminishing returns. Of course if you're not throwing out your codebase due to limitations and problems in the original design *cough* ...

  4. Re:Not true at all! by deranged+unix+nut · Score: 5, Interesting

    Would you trust the patches more if the patch system told you how many people had installed the patch, how long it has been installed on a critical mass of systems, and how many users reported problems after installing the patch?

    (I don't know if any patch system does this...just asking)

  5. Re:Security patches used with political means? by teamhasnoi · Score: 4, Interesting

    Apple did the same thing with iTunes 4.0.1

    Kept you from sharing your playlists off your subnet I think...there is a /. story about it here

    The dumb thing is that everyone who cared about it caught it beforehand, and everyone who doesn't care most likely doesn't share their lists.

    I was going to post that MS should go to an Apple Software Update sort of thing - it's easy, the patches usually work flawlessly and you can get self contained disk images of all of them to install at your leisure.

    Then I realized that this probably wouldn't work, as Apple has a much smaller subset of hardware to deal with than MS.

    Which got me thinking that perhaps MS isn't all bad? Maybe it's all the crap that people try to use with their PCs from ISA days, and all the spyware that seems to be omnipresent in any shareware install that's causing all the problems. I mean, a browser integrated into the OS can't be that bad can it?


    Then I remembered that Bill Gates eats babies with the devil every afternoon at 4 pm.

    Whew! I almost fell to the dark side!

  6. It needs a patch: it IS broken by Otis_INF · Score: 4, Interesting

    Yes, the patches themselves. People don't install them because they break critical production software which must not be broken.
    That critical production software NEEDS a patch, e.g. it has a security hole, or runs on top of an OS that has a security hole. Therefore it IS already broken and thus needs patching. There is NO excuse for not patching your software, like there is also no excuse for having security holes in your software.

    --
    Never underestimate the relief of true separation of Religion and State.

  7. Why is the patch system not a part of the OS? by pe1chl · Score: 5, Interesting

    I have always wondered why each patch is distributed as a standalone executable...
    Why is there no standard program on the Windows system, that installs a patch that is distributed in a file that contains only the update?
    When I patch my Linux system, I retrieve a .RPM and it is installed using the rpm program already on the system.
    Windows even has that "MSI" stuff, then why is a Microsoft patch not distributed as a .MSI file?

  8. Re:Of course. by molarmass192 · Score: 4, Interesting

    The difference is that Linus et al. do not CLAIM to be innovative. MS touts themselves as having invented everything from the toaster to the space shuttle. Reading an MS PR release is like listening to an Al Gore speech in my mind. Neither the Linux kernel nor MS are particularly innovative, but at least Linux hackers do not falsely claim to be. MS does take a lot of heat on /. but I would say that MS's arrogance as a whole is on par with the /. camp's arrogance so it's pretty much a wash.

    Also, even though you didn't mention it, some repliers did, I don't use Linux because it's free as in $$$. I can afford the $200 XP Pro price tag. I use Linux (1) because I am able to see/change the source as I see fit, (2) its modular structure lets me tailor the kernel for each box/purpose, (3) I like and use the command line extensively (not all of us are point-and-clickers), and (4) because it's not built around the asinine all-your-eggs-in-one-basket registry concept.

    One final point on the $$$ argument. I would guess that over half the XP installs out there are pirated copies anyhow. Every time I see a pirated copy of XP it pains me to NOT call the BSA but I refrain. In fact, I'd bet that most MS backers on this board have one or more pieces of pirated MS software in their possession. It's a little hypocritical to stand up for a closed source software company all while stealing (yes, it's theft) at the same time.

    --
    Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws. - Plato