Slashdot Mirror


Microsoft Plans An Overhaul For Patch System

sckienle writes "ZD-Net has an article about Microsoft's plans to overhaul their patch system. 'Ninety-five percent of attacks happen after a patch for a known software vulnerability has been issued' says Scott Charney, chief trustworthy computing strategist at Microsoft. Basically, Scott is promoting the idea that Microsoft can do a better job, in many ways, so people will trust and be able to install patches quickly. Microsoft has a transcript of Scott Charney's talk on their site." As reader sweeney37 summarizes, " Microsoft's plan is to reduce the patch installers from eight to two, they want to have one patch installer specifically for the OS side and one specifically for the applications." Sweeney37 points out this InformationWeek article on the planned change.

5 of 402 comments (clear)

  1. Re:User problem by pla · · Score: 5, Interesting

    If you turn off this feature, it's really your own fault that you get hacked.

    I will presume you mean that as a joke.

    You do know Microsoft's history of releasing "updates" that have a high probability of making matters worse than the bugs they claim to fix, right?

    I believe their last proof of this idea occurred... Oh, last week? And who can forget the legendary NT4 "even numbered SP plague"? They should have released 6a as 7, just to keep their f'd up patches consistantly named. ;-)

  2. Automated patches for pirated copies? by brogdon · · Score: 5, Interesting

    As I read this little blurb, I was thinking to myself that this probably won't help me any, since I have a pirated copy of XP (as do a nontrivial number of other users, I would imagine). My first thought was that Microsoft would require you to have an "activated" and properly registered copy of Windows and/or the MS applications you were running in order to receive the updates.

    But as I thought about it, I realized that not letting the pirates patch their installs of Windows might not be in MS's best interests either. If some worm gets loose, and 98% of registered Windows users are patched, but none of the cracked copies are, the worm will replicate to the 2% of unpatched registered users much faster than if you'd allowed the pirates to receive patches instead of trying to screw them with an insecure version of the OS. That would increase the ultimate number of infected machines and influence whether or not the worm becomes a PR problem.

    I'm not sure what I would do in this situation; I'd probably end up allowing pirated copies to update anyway and just try to capture their IP addresses on the sly in case I could use them later.

    --


    This tagline is umop apisdn.
  3. Interesting patch counts.... by Anonymous Coward · · Score: 5, Interesting
    About a year ago at work we had a presentation of why our clients should go with us and part of that presentation involved showing the patch counts between Windows 2K and Redhat 7.x. If I recall correctly those numbers came out to rougly ~1050 patches versus ~350 patches for roughly the same time period (yes all very ROUGH, we like it ROUGH...).

    So I decided to look at the patch counts of some other OS's just to make things look silly when in comparison.

    First up, my favorite... OpenBSD! On average for all releases excluding the current ones (3.3 and 3.2), the average patch count is... (note that for 2.2 to 2.6 I doubled the count because at that time they were only supported for 6 months not 1 year like post 2.6 releases were, thus the patch counts rose this isn't really all that fair but as you'll see it doesn't REALLY matter):

    32 patches per release. Which is about fair when compared to redhat since they also only patch for a year (yes yes yes, you aren't getting patches for all this other software that you'd use out of ports but hey microsoft isn't providing many patches for other peoples products if at all)

    Now lets do VMS (this is scary...)...

    A look through bug-traq archives starting at 1997 the average count over the past 6 years has been 4 patches per year. But hey when you've been around the same evolving codebase for 20 years you're bound to hit that point of diminishing returns. Of course if you're not throwing out your codebase due to limitations and problems in the original design *cough* ...

  4. Re:Not true at all! by deranged+unix+nut · · Score: 5, Interesting

    Would you trust the patches more if the patch system told you how many people had installed the patch, how long it has been installed on a critical mass of systems, and how many users reported problems after installing the patch?

    (I don't know if any patch system does this...just asking)

  5. Why is the patch system not a part of the OS? by pe1chl · · Score: 5, Interesting

    I have always wondered why each patch is distributed as a standalone executable...
    Why is there no standard program on the Windows system, that installs a patch that is distributed in a file that contains only the update?
    When I patch my Linux system, I retrieve a .RPM and it is installed using the rpm program already on the system.
    Windows even has that "MSI" stuff, then why is a Microsoft patch not distributed as a .MSI file?