Windows 24 Hr Vulnerability Patch - Would It Help?
super_ogg asks: "In light of the recent Windows infection rate problem, it prompted me to ask the question: if Microsoft was able to guarantee a 24-hour-patch for a vulnerability (and hell didn't freeze over), how much would it affect the rate of infection seeing that a lot of people don't patch their systems? Would the rate of infection increase dramatically?"
I can't see how providing patches faster would increase infection rate.
Releasing patches that quickly would probably make the releases smaller, which means people would be less likely to cancel the download in disgust when they see it would take 2+ hours to complete. Having said that, given the users I've encountered, MS would need something like "Automatically Apply Patches without Prompting Me" as one of the initial options or users would just "X" out of the warning pop-up, as they do nowadays.
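The "apply patches without prompting me" setting the post above wishes for corresponds to the Windows Update automatic-update policy, which lives under the WindowsUpdate\AU policy key in the registry. The following PowerShell is an added example, not code from the post or from Microsoft: it audits that policy on the local machine and, if you uncomment the last line, enforces the unattended download-and-install mode. The registry path and the meaning of the AUOptions values are the documented policy values; the function names, the warning text and the 03:00 daily schedule are choices made for this example.

```powershell
# Added example (not from the original thread): audit, and optionally enforce,
# the Windows Update automatic-update policy. Assumes the standard policy key;
# run from an elevated prompt, since enforcement writes under HKLM.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# Documented meanings of the AUOptions policy value.
$AUOptionNames = @{
    2 = 'Notify before download'
    3 = 'Auto download, notify before install'
    4 = 'Auto download and schedule install (no prompt)'
    5 = 'Local admin chooses the setting'
}

function Get-AutoUpdateStatus {
    $au = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($null -eq $au) {
        # No policy at all: the user's own Windows Update choice (or the default) applies.
        return [pscustomobject]@{ Configured = $false; Disabled = $null; Mode = 'No policy set' }
    }
    $disabled = ($au.NoAutoUpdate -eq 1)
    if ($au.PSObject.Properties['AUOptions']) {
        $mode = $AUOptionNames[[int]$au.AUOptions]
        if (-not $mode) { $mode = "Unknown AUOptions value $($au.AUOptions)" }
    } else {
        $mode = 'AUOptions not set'
    }
    [pscustomobject]@{ Configured = $true; Disabled = $disabled; Mode = $mode }
}

function Set-AutoUpdateUnattended {
    # Enforce: updates enabled, auto download plus scheduled install, every day at 03:00.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name NoAutoUpdate         -Value 0 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name AUOptions            -Value 4 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name ScheduledInstallDay  -Value 0 -Type DWord  # 0 = every day
    Set-ItemProperty -Path $PolicyKey -Name ScheduledInstallTime -Value 3 -Type DWord  # hour of day, 0-23
}

$status = Get-AutoUpdateStatus
$status | Format-List
if (-not $status.Configured -or $status.Disabled -or $status.Mode -notlike 'Auto download and schedule*') {
    Write-Warning 'Automatic updates are not configured to install without prompting.'
    # Uncomment to enforce on this machine:
    # Set-AutoUpdateUnattended
}
```

On a domain-joined machine the same values are normally pushed by Group Policy and will be rewritten at the next policy refresh, so the enforcement function is only meaningful on standalone systems; on managed ones the audit half still tells you what the effective policy is.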
Would the rate of infection increase dramatically?
That simply *has* to be a typo, you most certainly would expect the rate of infection to decrease quite quickly if everyone had automatic updates enabled...
-- If I were a fish, I'd be wet
Even if Microsoft could guarantee a 24-hour patch release (and the submitter's remark about the cold snap in Hell is pretty much on the mark here), I really don't see it making that much difference...unless systems were configured to apply patches immediately upon release, without being authorized by the sysadmin first. I don't think I'm the only sysadmin here who prefers to test patches on guinea pig machines before releasing them to the rest of my systems.
____
~ |rip/\/\aster /\/\onkey
Patches only work when they're installed. Many people don't install patches until they realize they've been hacked. Even if they are aware of new patches, system admins and users might be hesitant to install a brand new untested patch on an already working system.
Warning: Apple reference ahead, but nowhere does it state the fix is to buy an Apple computer.
What would help the situation is if roll-ups or service packs were released in conjunction with hot fixes, limiting the number of total patch installers.
Let's take Apple for example. In a nutshell, there's the retail box release (10.4.0), then a few security patches as needed (Denoted as: date of post). Let's say there are three of such fixes.
Active Patch Installers: 3 (1 reboot)
Eventually a point release is made (Denoted as: 10.4.1). This point release includes all of the previous security patches as well as other fixes usually along the lines of 'recommended' as Microsoft would put it.
Active Patch Installers: 1 (1 reboot)
After 10.4.1 is released, a few more security holes are found and patched, each with a date of release. We'll say there's two.
Active Patch Installers: 3 (1 reboot)
When 10.4.2 comes around, Apple releases two versions of the update:
A smaller file size for systems with 10.4.1 installed
A larger file if 10.4.0 (Retail) installed.
Active Patch Installers: 2 - Only one needed (1 reboot)
Here's the key point: From the retail version of the software, you only need to install one service pack release, and maybe 3 to 5 security patches at any point in time. Not 50 with branching restart cycles; one to five patches, one restart.
Obviously there's some variation here and there. Apple will have a lot more than five updates at a time for all the other non-OS software, but the underlying concept is there:
The fewer the installers and restarts, the easier patches are for the normal user.
AnamanFan - Trying to find the Truth, one post at a time.