Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Patches Go For Quality Over Quantity?

Posted by Zonk on from the can't-we-have-both dept.

greengrass writes "eWeek.com is running a story about another Microsoft 'study'. This one discusses how good Microsoft is at providing patches for their OS. This is Part 2 of 3 in a series of articles, the first of which compared Linux and Windows on legacy systems." From the article: "Bill Hilf, who is director of Platform Technology Strategy at Microsoft and heads its Linux and open-source lab, told eWEEK in a recent interview that 'the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage.'"

18 of 225 comments (clear)

  1. Focus Magazine Interview Haunts Gates by eldavojohn · · Score: 5, Interesting

    I'll be the first to point this out (as I'm sure it's been pointed out many times on slashdot)--Gates has openly stated in an interview with Focus Magazine that users aren't interested in bug fixes.

    I've read other interviews with Gates in which he went further to explain himself by saying that the feedback they received from users was rarely requesting a bug fix. He listed a percentage in the high nineties that was feedback suggesting new features. And so, with each upgrade and patch, the aim wasn't for security or bug fixes but instead for new features which a lot of people asked for. The engineers will blame him for taking that approach but I'm sure the businessmen will laugh and follow Gates all the way to the bank.

    Now, to be fair, it seems he has changed his stance (which--calm down--I believe people are allowed to do). And I applaud them if they really are trying to rectify what they made mistakes on in the past with their new patching strategy. There is (obviously) much debate about if they actually are trying to fix it and if these are actually quality patches. I'm sure the flamewar that ensues on this article will demonstrate that adequately.

    I will make a speculation though. IN MY OPINION, the largest thing Microsoft has to fear is a perfectly secure operation system they have created and distributed throughout the world. This is because they will no longer have "upgrades" or new versions of Windows to offer costumers. Yes, some customers are looking for new features, but oftentimes I find myself on my Windows machine just begging it to behave properly as a cut and dry OS. If the rumors of Vista are true and it is an efficient and secure operating system that can function in plain jane deterministic manners, then I want it dual booting with Linux and nothing more ... ever.

    --
    My work here is dung.
    1. Re:Focus Magazine Interview Haunts Gates by Information+Architec · · Score: 3, Interesting

      then I want it dual booting with Linux and nothing more ... ever.

      IF Linux is as stable as you make out, and you want "nothing more...ever", then why not make it - or Windows for that matter - available as a chipset, like the good ol' BBC Microcompuetr of yesteryear...? Whatever the OS, why should I waste my time waiting for the system to boot up or shut down, when so many other devices have their OS's on EPROM....I just want to switch on and go.

    2. Re:Focus Magazine Interview Haunts Gates by Anonymous Coward · · Score: 4, Informative

      users aren't interested in bug fixes.

      The thing is, he's right, he just didn't know it. Look at all the unpatched windows boxes that were spreading Slammer (or any of the other worms that spread like wildfire while using exploits that had been fixed months before). Users aren't interested in doing bug fixes.

      Automatic Windows Update's gone a long way towards fixing this for them, but they'll need to ditch updates to windows carrying their own EULAs (which breaks automatic update, since it will sit around and backlog all the patches until someone logs into an administrative account (which users aren't supposed to do for everyday use, right?) in order to click the agree button) in order to truly automate everything.

    3. Re:Focus Magazine Interview Haunts Gates by Tony · · Score: 5, Insightful

      If the rumors of Vista are true and it is an efficient and secure operating system that can function in plain jane deterministic manners, then I want it dual booting with Linux and nothing more ... ever.

      Those rumours have preceded every version of MS-Windows since NT 3.51 (the most secure and stable version of MS-Windows to date, in my experience). I've stopped waiting for MS to produce an exceptional operating system. There are much, much better alternatives out there -- OS X, Linux, *BSD, Solaris, etc. What's the point of waiting for MS to play catch-up?

      I'm interested in seeing Vista in action. I'll probably take a look when someone at work here picks it up. I don't hold out a lot of hope that it will beat the stability of Solaris, the ease-of-use and consistency of OS X, or the openness and general all-over chocolatey goodness of Linux and *BSD.

      Let's see if they still group programs by vendor, and not by function.

      --
      Microsoft is to software what Budweiser is to beer.
    4. Re:Focus Magazine Interview Haunts Gates by ZombieRoboNinja · · Score: 4, Insightful

      "IN MY OPINION, the largest thing Microsoft has to fear is a perfectly secure operation system they have created and distributed throughout the world. This is because they will no longer have "upgrades" or new versions of Windows to offer costumers."

      Just to play devil's advocate, Apple's OS is largely bug-free and secure, and yet quite a few people pay cash money for an upgrade every year or so. This is presumably because each new release of OSX has enough cool features to give it some appeal, even without a bunch of critical security updates.

      Would Apple sell enough upgrades to make a profit if they weren't making money from hardware (and iPod) sales? Maybe not, but it's worth asking.

  2. More M$ Hooey by TripMaster+Monkey · · Score: 5, Insightful


    Microsoft Corp. seems to be moving away from focusing on the actual number of security patches and updates that it and its software competitors release.

    But of course they are...since Joe Brockmeier and Joe Barr of NewsForge , as well as Pamela Jones of Groklaw did such a masterful job of debunking the ridiculous annual summary of vulnerabilities by US-CERT (discussed earlier on Slashdot), Microsoft has necessarily had to switch propaganda tactics.

    Instead, it is concentrating on making it easy and efficient for customers to obtain the security fixes and update their systems.

    That's funny...I've never had a problem with my Yast Online Update...

    "...patching, particularly for security, is not a 'Microsoft problem,' but something that affects all operating system and platform vendors," Hilf said.

    Nice straw man, Hilf. No one is claiming that non-Microsoft operating systems don't need to be patched. The issue is whether the patches are issued in a timely manner...or not.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:More M$ Hooey by IAmTheDave · · Score: 5, Interesting
      That's funny...I've never had a problem with my Yast Online Update...

      Nor have I had any issues with Windows Update on XP or Windows 2000/2003 Server or Professional. While patches may be a little lacking in expediency (sp?) it couldn't be easier to do. I love that I can have my office XP computer patch itself while my servers download but do not install patches without my explicit command. I can't imagine Windows Update - and especially automatic Windows Update being easier to use, even for non-power users.

      Right now, I think that OSX and Windows XP/2000/2003 really have the best in patching, with certain Linux distros being up there as well. Easily getting updates to users is no longer an issue, it's the speed/efficiency with which said patches become available that is to be compared.

      --
      Excuse my speling.
      Making The Bar Project
    2. Re:More M$ Hooey by TripMaster+Monkey · · Score: 3, Insightful

      What about Cox's boasting that Red Hat took the initiative to notify its users about the Flash issue?

      This quote sums it up nicely:

      From TFA (emphasis mine):
      In late 2005 when flaws were found in Macromedia's Flash Player, Red Hat took responsibility for providing users with a vulnerable version of the Flash plug-in and made an update available, he [Cox] said.
      How far does it go?

      Basically, if you are the one to provide the software, you are responsible for getting the patches to the users. This is one big reason the *nixes performance in US-CERT's annual summary of vulnerabilities appeared so poor...because the *nixes were also issuing patches for all the software that came bundled with the OS.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    3. Re:More M$ Hooey by m50d · · Score: 4, Insightful

      One difference - you mention office, but I suspect most software on a typical user's machine is not covered by windows update. Wheras as a gentoo user, everything on my machine is updated with one command. MS is doing well looking after their own products, but any application can compromise the system - they should try and get every windows program vendor using windows update.

      --
      I am trolling
  3. It may be good.... by Anonymous Coward · · Score: 5, Insightful

    It may be good to have lots of patches, but once you have a car where the duct tape weighs more than any other parts combined, isn't it time to just get another car?

  4. Efficient? by IceCreamGuy · · Score: 3, Insightful

    I wouldn't normally think of 4 hours and 6 zillion reboots as "efficient" or "easy". -Julius

  5. Uh, no. by Benanov · · Score: 5, Insightful

    How about, which vendor makes the patches unnecessary (i.e., few and far between) because it released a solid, working program?

    I don't want patch quality. I want program quality.

    I work in proprietary software. Most places that do proprietary software are overworked and quality suffers. (EA is an extreme example where workplace quality suffered as well as program quality.)

    In the places I've worked, everyone's too busy doing what they've been assigned and they're overworked because they're understaffed. Hiring more people means less money for the company so that generally doesn't happen.

    With FOSS, anyone can pick up the source if they have some spare time and hack away at it, and even if individual contributions are small, there's always someone with some spare time and a different view about how something should work.

    Once you start doing for money's sake, you spend more time worrying about your bottom line than about quality.

  6. anyone else think it's odd by subtropolis · · Score: 4, Interesting

    that the head of their "Linux and open-source lab" is also their "director of Platform Technology Strategy"? Why ever should that be?

    --
    "Our interests are to see if we can't scale it up to something more exciting," he said.
  7. efficient? by BushCheney08 · · Score: 4, Interesting

    ...but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage.

    My office recently donated some P3 machines to a homeless shelter. The process of wiping the drive and installing Win 2000(SP4) and updating it to be current took nearly 4 hours for one machine. This was a machine that had just the OS. I had to run Windows Update and reboot at least a dozen times. Each time, I'd select and install all patches available. Due to prerequisite patch dependencies, however, each update/reboot cycle would make another 10-15 patches available. Hardly efficient. You'd think they could roll it all up into one huge patch and make it available. (And yes, I can understand the need for some places to avoid certain patches - make that the option, not the norm!)

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  8. least complex? by ScislaC · · Score: 3, Insightful
    "but which vendor makes the patching and updating experience the least complex"
    I will say that Windows Update was better than anything else I had seen when it was initially introduced (I will admit to not having used Linux then though). However, any modern distros I've used (Ubuntu & Suse most recently) actually have a far LESS complex patch and update mechanism... because they patch all of the software and libraries as well, not just the OS. And they do it the same way as windows with a little notifier in the system tray (yeah, they don't autoinstall as far as I've seen, but, a couple clicks doesn't add to complexity as far as I'm concerned). Just my .02 on that part...
    --
    ART on dA
  9. Re:The patches just rarely add functionality by HardCase · · Score: 3, Informative

    XP still doesn't have support for Bluetooth...

    You mean the Bluetooth connection between my notebook and my cellphone that I use to connect to the Internet on the road doesn't really work? Uh oh...

    -h-

  10. Full credit to eWeek... by Chicane-UK · · Score: 3, Insightful

    Reading that article made such a refreshing change compared to the Microsoft 'propaganda' stories we usually get linked to. eWeek gave Linux vendors the chance to answer and explain all of the figures which seemed to side with Microsoft - and invairiably once dissected, the usual Microsoft massaging of figures clearly comes to light.

    One great example was this:


    Interestingly, Microsoft's Hilf has a personal Red Hat workstation in his office that he uses on a daily basis. He selected a random week in October to provide a snapshot of the updates made to his Red Hat Enterprise Linux workstation over that period. He found that, between Oct. 6, 2005, and Oct. 11, 2005, his workstation was updated 66 times.

    "I chose those dates randomly," he said. "I use this system daily, so it was literally a snapshot of a given workweek. All this illustrates is that patching and updating are part of any 'living' software system. It is part of the nature of modern software: Things change, bugs happen, features get added, and software needs to get updated."

    But Red Hat's Cox pointed out that the second update release for RHEL4 was issued Oct. 5, resulting in a very large number of updated packages over the period of a day or two, "which is what Hilf saw. We only issued two Update releases for RHEL4 in 2005, so he was quite unlucky in his choice of a random snapshot," he said, tongue in cheek.



    Unlucky indeed. Nice to see some unbiased reporting and not just verbatim duplication of Microsoft comments and 'press releases' for a change.

    --
    "Hey! Unless this is a nude love-in, get the hell off my property!!"
  11. Flamebait? by Anti-Trend · · Score: 4, Informative

    ...maybe. Wrong? Not really. The only thing more rediculous than rebooting a workstation several times after a small batch of updates though is doing the same with a server. I'm going to get a tad bit off topic, but in the same thread of throught, so bear with me. Every time someone posts on Slashdot that Unices have better uptimes than Windows boxen, you invariably get a half-dozen disgruntled Windows admins spouting off numbers of how long their servers have been up. What they don't take into account is that if those systems have been up as long as they claim, the necessary updates have not been applied. Most Windows updates still require that a system is rebooted before the patch actually takes effect. Unix-like systems, on the other hand, are routinely patched hot, and typically only require a reboot in the case of a kernel update or invasive hardware maintenance. If Microsoft does finally fix the design flaw that requires one to reboot after nearly every patch, it will not be innovative so much as becoming more Unix-like in design.

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.