Patching Paranoia - How Fast Do You Patch?

← Back to Stories (view on slashdot.org)

Patching Paranoia - How Fast Do You Patch?

Posted by Cliff on Tuesday October 21, 2003 @03:33AM from the closing-the-holes dept.

selfassembled asks: "I work for an IT group in the Boston area called Thrive Networks. After the most recent exploit was revealed, my company scrambled to get our client's servers patched within 48 hours. This is extremely difficult because no customer wants to be interrupted by a reboot during business hours. Our staff worked after hours to get this patch installed ASAP. How fast do you (or your IT group) install patches for major exploits like this? What do you consider to be an acceptable turn around time for a vulnerability patch that may not even have an exploit yet? After Blaster and Welchia we decided it's better to be safe than sorry, and our customers seem to agree."

8 of 681 comments (clear)

Min score:

Reason:

Sort:

In other news... by jbottero · 2003-10-21 03:35 · Score: -1, Troll

In other news, Slashdot eds SHAVE BEARDS and get jobs!!!!
1. Re:In other news... by Anonymous Coward · 2003-10-21 04:35 · Score: -1, Troll
  
  Uh, I don't get it. Patching is natural. Slashdot janitors with jobs and without beards is not natural.
  Slow Down Cowboy!
  
  Slashdot requires you to wait 2 minutes between each successful posting of a comment to allow everyone a fair chance at posting a comment.
  
  It's been 1 minute since you last successfully posted a comment
  
  Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.
Here's the problem... by jbottero · 2003-10-21 03:38 · Score: -1, Troll

Here's the problem at Slash: A bunch of guys in their 40's who have never had sex with a woman (note, I didn't say never had sex, sheep and boys don't count).
1. Re:Here's the problem... by Anonymous Coward · 2003-10-21 04:33 · Score: -1, Troll
  
  Troll? I'm sure he didn't mean to offend you 50+ guys. Your longer experience with little boys and various mammals should not be underestimated.
Re:Better safe than sorry? by Overly+Critical+Guy · 2003-10-21 03:56 · Score: 0, Troll

What sort of testing is required just to plug a security hole? What, your network environment was based around that hole?

This is the same argument the people who got hit by Blaster made. I just had to wonder, was their network so precariously designed that a simple ~500kb patch that plugged a tiny DCOM hole would upset the entire balance? I think a lot of sysadmins use the "testing" thing as an excuse to put off installing patches. "Well, everything works right now so I don't really want to mess with it."

--
"Sufferin' succotash."
OH MAN WHERE TO BEGIN? (was Re:GENTOO ALL THE WAY) by Anonymous Coward · 2003-10-21 04:06 · Score: -1, Troll

I seriously don't know how to BEGIN to make fun of your pathetic post. I don't know if I should laugh or cry at your pathetic existance.

For starters, you have the username is "Captain_Loser". I mean, come on, that's way to easy. CAPTAIN FUCKING LOSER!? Is that what you introduce yourself as to girls? "Hey baby, you wanna come home with Captain Loser and father my children?" BWAHAHAHAH! Jesus H Christ you're useless.

Then of course there is the Gentoo issue. You are an OBVIOUS FLAMBOYANT GENTOO FANBOY. You just HAVE to proclaim "OMG GENTOO IS TEH R0XX0RZZZ" in a TOTALLY UNRELATED THREAD ABOUT MICROSOFT WINDOWS! Then you tout the merits of portage, one of the most inane methods of package managment ever created, because you've been BRAINWASHED by the GENTOO-USING MASSES into thinking the Gentoo is "the one and only be-all end-all Linux solution to the world's problems." I've got a news flash for you, fuckwit: IT'S NOT. Go get Debian or Slackware or SOMETHING that doesn't encourage the scrounges of lame 14 year old Linux developers that comprise the Gentoo Linux community.

In conclusion, you are a sad, pathetic human being. Your best option would be suicide at this point. Seeing as how your parents are already ashamed of you and have disowned you because of your vibrant homosexuality, I would suggest a trip to under the kitchen sink where you cosume the contents of all those colorful bottles. Death will be swift and painless as you drift off to sleep, your poison-bloated corpse rotting in the morning sunlight. Congratulations, YOU ARE A FAILURE.
Re:I don't apply these kinds of patches by __past__ · 2003-10-21 04:53 · Score: 2, Troll

Well, you apply other kinds of patches then, hopefully. Which also can break things and should be tested (even if both massively exploited holes and broken patches tend to be rarer).
I certainly didn't like patching OpenSSH on a machine I can only reach via SSH.

--
Programming can be fun again. Film at 11.
In soviet russia.... by aderkach · 2003-10-21 06:36 · Score: -1, Troll

Computer patches you!