Early Warning For Microsoft Premium Customers
techmuse writes "According to internetnews.com, Microsoft is giving its premium customers early warning about vulnerabilities and patches. Those of us who aren't lucky enough to have such a relationship with Microsoft may find ourselves at greater risk than premium customers as a result."
-truth
I had a steady B+ in my AI class until I failed the Turing test...
Not exactly. What MS is doing is telling their customers (with extended warranty) in advance, that in a few days they will be issuing a recall.
But, in a few days when they issue it, it will be issued to all of their customers, not just the higher paying ones.
They're not forcing you to pay.
You'll still get your patches in the usual Microsoft timely manner (weeks, likely), but these so-called 'premium' members will get them a lot sooner.
Things will still appear the same to you, but premium members will get a heads-up before everyone else.
If you RTFA you'd know this is NOT what they are doing. You are implying that they're only releasing patches to premium subscribers. This is ENTIRELY false. They are simply letting *ANYONE* who wants to know in advance that a security patch is coming. That's it. Simple. Now go jump back on your FUD-wagon
Has there been a case where faulty software killed someone? (Other than by sheer annoyance, that is.)
Well, yes. The THERAC devices, used to treat cancer, did kill people due to faulty software.
I'm not aware of any deaths from Microsoft software though.
I work in pharmaceutical research. My machines dose clinical trial volunteers, and record trial data, which then goes for clinical submission to create new drugs. Of course faulty software can be lethal.
Premium customers do not get the patches earlier.
Premium customers get an early warning that patches are coming with some indication of the number of patches and their severity.
In my experience, the early warning is nice, but not especially accurate.
.signature not found
The U.S. government's Computer Emergency Readiness Team (US-CERT) has also been heavily criticized for providing security advisories to paying customers ahead of coordinated public release.
Last January, research firm Next Generation Security Software (NGSS) severed ties with the federally funded US-CERT and accused the organization of selling early access to vulnerability warnings long before vendor fixes are made available.
At the time, NGSS co-founder Mark Litchfield said it was "annoying" that CERT gave early warning on six vulnerabilities to its paid sponsors before vendor patches were created and made available. "The problem became apparent when the vendor we're working with on these vulnerabilities said they were contacted by government departments. CERT notified them ahead of patches being made available. We did not know about this policy to share this information with people who pay for that privilege," Litchfield argued.
But why do they need to sort the list in the first place? It's not like they have to call people in a certain order in order to make them aware of the vulnerability. They just need to post the information on their website and make it available to everyone simultaneously.
They are not giving patches away early, nor details of the vulnerabilities. So this won't mean we 'find ourselves at greater risk than premium customers'. I don't expect most people to read the article before posting, and it is apparent that the editors stopped reading them ages ago too, but now even the guy submitting it hasn't read it?
Posts claiming it's extortion are way off-base.
If you need advance notice that a patch might be coming for, say, Outlook, pay for it. It sounds like a service of dubious value, as you won't be able to test the patch any sooner. I guess you can make sure your crack team of roll-out testers aren't all on vacation that day, but that's about it
RTFA!
Mark
Liked this comment? Why not buy me something nice
http://www.mtholyoke.edu/~rzdalea/cs100/software_
http://www.baselinemag.com/article2/0,1397,154440
Also google for Therac-25
All you get is an email from MS saying 'oh, next Tuesday we're going to release X patches, with Y rated critical, and Z rated serious'.
There are ZERO details on what the patch is going to fix. Personally, I consider the advance notice almost useless except to tell you you need to have resources ready to roll out critical patches.
You get *no* details, *no* access to patches, and I have several emails from MS Security people who always include 'sorry, I can't give you any details about Tuesday's patch'.
Please, hate MS all you want, but at least hate them for a reason, not the typical /. drooling paranoia I see here.
--R.
If you actually read the article, you would know that they aren't actually offering patches early to their premium customers, they are only letting them know that patches are on the way. Everyone in the world gets the patches at the same time. Premium customers are at the same risk as we are. The reason for the "heads up" is so that IT managers can get ready for the huge task of updating every machine they manage. Individuals have only their own computer, or at most a handful of others. These patches are usually expected anyway. And you can find a "heads up" of your own just by reading tech news sites online.
-d
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
Even so, do you really think there is a solid link between MS Security Support and 911? Honestly, is there a real comparison there?
There just might be.
You can never go home again... but I guess you can shop there.
Everyday they don't never come correct
You can ask my man right here with the broken neck
He's a witness to the job never bein' done
He would've been in full in 8 9-11
Was a joke 'cause they always jokin'
They the token to your life when it's croakin'
They need to be in a pawn shop on a
911 is a joke we don't want 'em
I call a cab 'cause a cab will come quicker
The doctors huddle up and call a flea flicker
The reason that I say that 'cause they
Flick you off like fleas
They be laughin' at ya while you're crawlin' on your knees
And to the strength so go the length
Thinkin' you are first when you really are tenth
You better wake up and smell the real flavor
Cause 911 is a fake life saver
So get up, get, get get down
911 is a joke in yo town
Get up, get, get, get down
Late 911 wears the late crown
- Public Enemy
I hate to say this, but...
RTFA
Not getting patches or fixes sooner. Being told that there is a flaw sooner. In this case not even what the flaw is... just that there is one, and that in a day or so we'll tell the world what it is -- heads up, something's coming. That's it.
No "protection," no early patches, no nothing. Just a nice little note saying "we're working on a couple of security flaws, details forthcoming."
Calm yourself please. If you want to hate Microsoft, please do it for a valid reason, not some bullshit like this.
Thanks.
-- Fareq
Has there been a case where faulty software killed someone?
Yes.
The poster clearly doesn't know what s/he's talking about, and is obviously just looking for something to cry about. Same old /. FUD.
Most of the anti-MS FUD on /. is at least informed and grounded in reality. This is totally reactionary, underinformed cry-babyism.
The notifications sent to Premium customers are just that: notifications. We don't get the patches any earlier; the advance notice we receive simply gives us a general overview of the vulnerabilities and what they affect so as to help us plan the patch rollout.
And there's something wrong with that? Please... It's the responsible thing for Microsoft to do. And the poster thinks that leaves others "at a greater risk" than Premium customers? Please, explain to me how that could possibly be, given the fact that the patches are released to all customers (Premium and not) at the same time. Totally ridiculous FUD. You get the patches at the same time we do (unless you count betas, which... come on). We get advance notice because we have to plan for rolling out patches to tens of thousands of workstations and servers. We need to know in advance. Those of you who only have to worry about your PC (or maybe even 5 or 10 additional) don't. Simple as that.
Nice link and quote. It points to an article from 2002. The quote leaves out some important follow-up information as well - "Admitting this was a flippant answer to a flippant question, Mundie said that chief information officers had only recently begun to demand security, and it is only in the last ten years that Microsoft has attempted to play in the security-requiring worlds of banking payroll and networked systems."
Still not a great response from Mundie, but at least Slashdotters have the whole picture. And, yes, security is a potential revenue stream for MS - but it's through the creation of new products, not charging folks to download and apply patches.
Your mind looks a little cramped. Why don't you stretch it a little?