Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 24 Hr Vulnerabilty Patch - Would It Help?

Posted by Cliff on from the don't-hold-your-breath dept.

super_ogg asks: "In light of the recent Windows infection rate problem, it prompted me to ask the question: if Microsoft was able to guarantee a 24-hour-patch for a vulnerability (and hell didn't freeze over), how much would it affect the rate of infection seeing that a lot of people don't patch their systems? Would the rate of infection increase dramatically?"

5 of 70 comments (clear)

  1. No by MBCook · · Score: 3, Interesting
    Here is my theory, based on my observations and opionions.

    For big businesses, it wouldn't help. They are already on top of these things checking their firewalls and such, trying to prevent infections. (Note: if this isn't the case, they fit in with group 2)

    Then there is individuals. I can't tell you how many people's PCs I've found with basically NO updates applied (for whatever usually pointless reason). These are the people where such a quick patch could make a difference (since it tends to be home computers and those under the care of someone who doesn't know what they're doing), but they won't get the patch because these people don't patch in the first place.

    MS's best solution at this point would be to force automatic updates to be on for all copies of XP Home, with no way to turn it off (short of registry editing). That way, the computers would get the updates they need, but the few people who want to turn it off would probably know enough to run their computers safely if they knew where to find the instructions and how to change the registry. (I'm ignoring the point that anyone with half a brain that was a "power user" would want XP Pro over XP Home).

    A 24 hour turn around would be great, but I don' think it would make that much of a difference. Forced updates (especially if expanded to include XP Pro that isn't being managed by a domain controller/active directory to cover those one machine businesses and such) would probably go a farther way.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    1. Re:No by bergeron76 · · Score: 2, Interesting

      I can't tell you how many people's PCs I've found with basically NO updates applied (for whatever usually pointless reason).

      Here's my pointless reason: My unpatched Win2k (SP1) box has been working dutifully since 2002 _without any re-install_.

      I've had several _other_ Win2k boxes that had "Automatic Windows Update", and *EVERY SINGLE ONE OF THEM* has died for reasons "unknown".

      My theory is that there are many more virus writers (kiddee's) these days then there were a few years ago. They aren't targeting "old-school" exploits, they're all targeting the newest/latest exploit. By not using .Net Framework and all of the other "recent" Microsoft garbage, I've kept my box very secure. Granted, I can't run any apps that require Win2k SP4 (with .Net Framework); but that's actually been a blessing - I've discovered great alternative applications on Linux and OS X.

      --
      Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
  2. Unless, of course... by Ieshan · · Score: 2, Interesting

    Unless, of course, someone exploited the patching mechanism.

    If we were living in a world where Microsoft provided patches and people actually downloaded them, we'd probably be in a world of highly "seemless" updating. Microsoft would default enable automatic updates on Mom and Pop boxes or work desktops hooked up to highspeed connections, and exploiting a mechanism used nearly by everyone would be a disaster.

    That's the only way it could really increase. I agree.

  3. Re:Unlikely to increase by ma_luen · · Score: 2, Interesting

    A big problem that Microsoft faces is that when they release a patch it is reverse engineered to find the vunerability that it fixed. Since a huge number of individual users don't patch regularly (if ever) and corp. users want time to test the patch before rolling it out there is a lag between the patch release and it's deployment.

    This of course means that the hole that the patch fixes (which may not have been known about before the patch) can be used to exploit systems for some time. Hence frequent, unscheduled patches can increase infections rates and why Microsoft switched to the monthly scheduled patch rollout.

    Mark

  4. The answer is obvious by ignorant_coward · · Score: 2, Interesting


    and it is: no.

    Microsoft has spent so many years breeding a developer and user culture of ignorance, complacency, irresponsibility, negligence, incompetence, stupidity, insecurity, instability, undebuggability, unusability, and inconsistency that they are either beyond hope or they will take another decade to correct their course.