Windows 24 Hr Vulnerability Patch - Would It Help?
super_ogg asks: "In light of the recent Windows infection rate problem, it prompted me to ask the question: if Microsoft was able to guarantee a 24-hour-patch for a vulnerability (and hell didn't freeze over), how much would it affect the rate of infection seeing that a lot of people don't patch their systems? Would the rate of infection increase dramatically?"
I can't see how providing patches faster would increase the infection rate.
Releasing patches that quickly would probably make the releases smaller, which means people would be less likely to cancel the download in disgust when they see it would take 2+ hours to complete. Having said that, given the users I've encountered, MS would need something like "Automatically Apply Patches without Prompting Me" as one of the initial options or users would just "X" out of the warning pop-up, as they do nowadays.
Would the rate of infection increase dramatically?
That simply *has* to be a typo, you most certainly would expect the rate of infection to decrease quite quickly if everyone had automatic updates enabled...
-- If I were a fish, I'd be wet
Even if Microsoft could guarantee a 24-hour patch release (and the submitter's remark about the cold snap in Hell is pretty much on the mark here), I really don't see it making that much difference...unless systems were configured to apply patches immediately upon release, without being authorized by the sysadmin first. I don't think I'm the only sysadmin here who prefers to test patches on guinea pig machines before releasing them to the rest of my systems.
____
~ |rip/\/\aster /\/\onkey
Patches only work when they're installed. Many people don't install patches until they realize they've been hacked. Even if they are aware of new patches, system admins and users might be hesitant to install a brand new untested patch on an already working system.
For big businesses, it wouldn't help. They are already on top of these things checking their firewalls and such, trying to prevent infections. (Note: if this isn't the case, they fit in with group 2)
Then there are individuals. I can't tell you how many people's PCs I've found with basically NO updates applied (for whatever usually pointless reason). These are the people where such a quick patch could make a difference (since it tends to be home computers and those under the care of someone who doesn't know what they're doing), but they won't get the patch because these people don't patch in the first place.
MS's best solution at this point would be to force automatic updates to be on for all copies of XP Home, with no way to turn it off (short of registry editing). That way, the computers would get the updates they need, but the few people who want to turn it off would probably know enough to run their computers safely if they knew where to find the instructions and how to change the registry. (I'm ignoring the point that anyone with half a brain that was a "power user" would want XP Pro over XP Home).
A 24 hour turnaround would be great, but I don't think it would make that much of a difference. Forced updates (especially if expanded to include XP Pro that isn't being managed by a domain controller/active directory to cover those one-machine businesses and such) would probably go a lot further.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Most of the vulnerabilities happen weeks to months after a patch is released. It's just getting the patch on the machine that's a problem.
.Net 2003 SP1 and firewall the internet until windows downloads all the critical patches. This would stop the 12 minute problem pretty quickly.
As XP SP2 starts to overtake XP SP1 and SP0 sales, it should get better, since SP2 screams and yells if you turn off automatic updates. This is going to take a while since most people are paranoid of SP2 or MS won't let them install it because their OS is pirated.
Hopefully in longhorn, they do the same thing they did with
In Soviet Russia, Trojan exploits YOU!
Unless, of course, someone exploited the patching mechanism.
If we were living in a world where Microsoft provided patches and people actually downloaded them, we'd probably be in a world of highly "seamless" updating. Microsoft would default-enable automatic updates on Mom and Pop boxes or work desktops hooked up to high-speed connections, and exploiting a mechanism used by nearly everyone would be a disaster.
That's the only way it could really increase. I agree.
and it is: no.
Microsoft has spent so many years breeding a developer and user culture of ignorance, complacency, irresponsibility, negligence, incompetence, stupidity, insecurity, instability, undebuggability, unusability, and inconsistency that they are either beyond hope or they will take another decade to correct their course.
Windows 24 Hr Vulnerability Patch - Would It Help?
Immediate Answer Without Thinking: No.
Answer After Thinking A Little About It: The question is nonsense because it is based on a silly premise.
Answer After Thinking More About It: Waste of Time Because No Matter What You Do Windows is Going To Remain the Giant Petri Dish of The Internet.
Warning: Apple reference ahead, but nowhere does it state the fix is to buy an Apple computer.
What would help the situation is if roll-ups or service packs were released in conjunction with hot fixes, limiting the number of total patch installers.
Let's take Apple for example. In a nutshell, there's the retail box release (10.4.0), then a few security patches as needed (Denoted as: date of post). Let's say there are three of such fixes.
Active Patch Installers: 3 (1 reboot)
Eventually a point release is made (Denoted as: 10.4.1). This point release includes all of the previous security patches as well as other fixes usually along the lines of 'recommended' as Microsoft would put it.
Active Patch Installers: 1 (1 reboot)
After 10.4.1 is released, a few more security holes are found and patched, each with a date of release. We'll say there's two.
Active Patch Installers: 3 (1 reboot)
When 10.4.2 comes around, Apple releases two versions of the update:
A smaller file size for systems with 10.4.1 installed
A larger file if 10.4.0 (Retail) installed.
Active Patch Installers: 2 - Only one needed (1 reboot)
Here's the key point: From the retail version of the software, you only need to install one service pack release, and maybe 3 to 5 security patches at any point in time. Not 50 with branching restart cycles; one to five patches, one restart.
Obviously there's some variation here and there. Apple will have a lot more than five updates at a time for all the other non-OS software, but the underlying concept is there:
The fewer the installers and restarts, the easier patches are for the normal user.
AnamanFan - Trying to find the Truth, one post at a time.
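The installer counts in the post above, worked through as an added example (this is not the poster's code and not anything Apple or Microsoft ships): a small Python model of an update catalog in which each package delivers a set of fix IDs, installs on certain base versions, and may require earlier fixes to be present. It goes beyond the post in two ways: it computes the install path from a chosen base (how many packages run, how many reboot rounds) rather than just the number of active installers, and it contrasts the roll-up catalog with a piecemeal one where every fix is its own package with prerequisites, which is where the "branching restart cycles" come from. The package names (SecUpd-001, KB1..KB7), fix IDs and stage contents are constructed for the example.

```python
"""Toy model of how update packaging drives installer and reboot counts.

Constructed example, not any vendor's catalog format.  plan() greedily
applies, from the packages usable on the machine's current state, the
one delivering the most missing fixes; packages usable on the same base
are batched into one reboot round.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Installer:
    name: str
    fixes: frozenset        # fix IDs this package delivers
    applies_to: frozenset   # base versions it can be applied on
    yields: str             # version the machine reports afterwards
    requires: frozenset = frozenset()  # fixes that must already be present


def plan(catalog, version, have=frozenset()):
    """List of rounds (one reboot per round) taking a machine at `version`
    that already has the `have` fixes to fully current."""
    wanted = frozenset().union(*(i.fixes for i in catalog))
    have = set(have)
    rounds = []
    while wanted - have:
        usable = [i for i in catalog
                  if version in i.applies_to and i.requires <= have
                  and i.fixes - have]
        if not usable:
            raise ValueError(f"nothing in the catalog covers "
                             f"{sorted(wanted - have)} on {version}")
        # biggest roll-up first; ties keep catalog order (delta before combo)
        usable.sort(key=lambda i: len(i.fixes - have), reverse=True)
        this_round, next_version = [], version
        for inst in usable:
            if inst.fixes - have:           # still adds something after earlier picks
                this_round.append(inst.name)
                have |= inst.fixes
                if inst.yields != version:  # point release: the reboot lands on a new base
                    next_version = inst.yields
        rounds.append(this_round)
        version = next_version
    return rounds


def cost(rounds):
    """(packages run, reboots) for a plan returned by plan()."""
    return sum(len(r) for r in rounds), len(rounds)


def sec(name, fix, base):
    """A security update: one fix, installs on `base`, version unchanged."""
    return Installer(name, frozenset({fix}), frozenset({base}), base)


# Stage 1: three security updates against the retail 10.4.0 build.
STAGE1 = [sec("SecUpd-001", "f1", "10.4.0"), sec("SecUpd-002", "f2", "10.4.0"),
          sec("SecUpd-003", "f3", "10.4.0")]
# Stage 2: 10.4.1 rolls those up together with a non-security fix r1.
POINT_1 = Installer("10.4.1", frozenset({"f1", "f2", "f3", "r1"}),
                    frozenset({"10.4.0"}), "10.4.1")
STAGE2 = [POINT_1]
# Stage 3: two more security updates, built against 10.4.1.
STAGE3 = [POINT_1, sec("SecUpd-004", "f4", "10.4.1"), sec("SecUpd-005", "f5", "10.4.1")]
# Stage 4: 10.4.2 as a delta (from 10.4.1) and a combo (from retail or 10.4.1);
# the stage 3 security updates are superseded and no longer listed.
ALL = frozenset({"f1", "f2", "f3", "f4", "f5", "r1", "r2"})
STAGE4 = [Installer("10.4.2-delta", ALL, frozenset({"10.4.1"}), "10.4.2"),
          Installer("10.4.2-combo", ALL, frozenset({"10.4.0", "10.4.1"}), "10.4.2")]


def piece(name, fix, *reqs):
    """The no-roll-up alternative: one fix per package, with prerequisites."""
    return Installer(name, frozenset({fix}), frozenset({"10.4.0"}), "10.4.0",
                     frozenset(reqs))


PIECEMEAL = [piece("KB1", "f1"), piece("KB2", "f2"), piece("KB3", "f3", "f1"),
             piece("KB4", "f4", "f3"), piece("KB5", "f5", "f2"),
             piece("KB6", "r1", "f4"), piece("KB7", "r2", "f5")]

if __name__ == "__main__":
    stages = [("3 security updates", STAGE1), ("10.4.1", STAGE2),
              ("10.4.1 + 2 security updates", STAGE3), ("10.4.2", STAGE4),
              ("piecemeal, chained", PIECEMEAL)]
    for label, cat in stages:
        r = plan(cat, "10.4.0")
        print(f"{label:28} active: {len(cat)}  from retail: {r} -> {cost(r)}")
```

From retail the roll-up catalog never needs more than three packages or two reboots at any stage, and once the combo exists it is one package and one reboot; the piecemeal catalog with the same seven fixes needs all seven packages and four reboots because each prerequisite chain forces another round. The ValueError branch is the case a practitioner actually hits: a catalog that only carries the delta leaves retail machines with no applicable package at all.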