Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Patches Go For Quality Over Quantity?

Posted by Zonk on from the can't-we-have-both dept.

greengrass writes "eWeek.com is running a story about another Microsoft 'study'. This one discusses how good Microsoft is at providing patches for their OS. This is Part 2 of 3 in a series of articles, the first of which compared Linux and Windows on legacy systems." From the article: "Bill Hilf, who is director of Platform Technology Strategy at Microsoft and heads its Linux and open-source lab, told eWEEK in a recent interview that 'the differentiator for customers is not the number comparison, but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage.'"

12 of 225 comments (clear)

  1. Focus Magazine Interview Haunts Gates by eldavojohn · · Score: 5, Interesting

    I'll be the first to point this out (as I'm sure it's been pointed out many times on slashdot)--Gates has openly stated in an interview with Focus Magazine that users aren't interested in bug fixes.

    I've read other interviews with Gates in which he went further to explain himself by saying that the feedback they received from users was rarely requesting a bug fix. He listed a percentage in the high nineties that was feedback suggesting new features. And so, with each upgrade and patch, the aim wasn't for security or bug fixes but instead for new features which a lot of people asked for. The engineers will blame him for taking that approach but I'm sure the businessmen will laugh and follow Gates all the way to the bank.

    Now, to be fair, it seems he has changed his stance (which--calm down--I believe people are allowed to do). And I applaud them if they really are trying to rectify what they made mistakes on in the past with their new patching strategy. There is (obviously) much debate about if they actually are trying to fix it and if these are actually quality patches. I'm sure the flamewar that ensues on this article will demonstrate that adequately.

    I will make a speculation though. IN MY OPINION, the largest thing Microsoft has to fear is a perfectly secure operation system they have created and distributed throughout the world. This is because they will no longer have "upgrades" or new versions of Windows to offer costumers. Yes, some customers are looking for new features, but oftentimes I find myself on my Windows machine just begging it to behave properly as a cut and dry OS. If the rumors of Vista are true and it is an efficient and secure operating system that can function in plain jane deterministic manners, then I want it dual booting with Linux and nothing more ... ever.

    --
    My work here is dung.
    1. Re:Focus Magazine Interview Haunts Gates by Anonymous Coward · · Score: 4, Informative

      users aren't interested in bug fixes.

      The thing is, he's right, he just didn't know it. Look at all the unpatched windows boxes that were spreading Slammer (or any of the other worms that spread like wildfire while using exploits that had been fixed months before). Users aren't interested in doing bug fixes.

      Automatic Windows Update's gone a long way towards fixing this for them, but they'll need to ditch updates to windows carrying their own EULAs (which breaks automatic update, since it will sit around and backlog all the patches until someone logs into an administrative account (which users aren't supposed to do for everyday use, right?) in order to click the agree button) in order to truly automate everything.

    2. Re:Focus Magazine Interview Haunts Gates by Tony · · Score: 5, Insightful

      If the rumors of Vista are true and it is an efficient and secure operating system that can function in plain jane deterministic manners, then I want it dual booting with Linux and nothing more ... ever.

      Those rumours have preceded every version of MS-Windows since NT 3.51 (the most secure and stable version of MS-Windows to date, in my experience). I've stopped waiting for MS to produce an exceptional operating system. There are much, much better alternatives out there -- OS X, Linux, *BSD, Solaris, etc. What's the point of waiting for MS to play catch-up?

      I'm interested in seeing Vista in action. I'll probably take a look when someone at work here picks it up. I don't hold out a lot of hope that it will beat the stability of Solaris, the ease-of-use and consistency of OS X, or the openness and general all-over chocolatey goodness of Linux and *BSD.

      Let's see if they still group programs by vendor, and not by function.

      --
      Microsoft is to software what Budweiser is to beer.
    3. Re:Focus Magazine Interview Haunts Gates by ZombieRoboNinja · · Score: 4, Insightful

      "IN MY OPINION, the largest thing Microsoft has to fear is a perfectly secure operation system they have created and distributed throughout the world. This is because they will no longer have "upgrades" or new versions of Windows to offer costumers."

      Just to play devil's advocate, Apple's OS is largely bug-free and secure, and yet quite a few people pay cash money for an upgrade every year or so. This is presumably because each new release of OSX has enough cool features to give it some appeal, even without a bunch of critical security updates.

      Would Apple sell enough upgrades to make a profit if they weren't making money from hardware (and iPod) sales? Maybe not, but it's worth asking.

  2. More M$ Hooey by TripMaster+Monkey · · Score: 5, Insightful


    Microsoft Corp. seems to be moving away from focusing on the actual number of security patches and updates that it and its software competitors release.

    But of course they are...since Joe Brockmeier and Joe Barr of NewsForge , as well as Pamela Jones of Groklaw did such a masterful job of debunking the ridiculous annual summary of vulnerabilities by US-CERT (discussed earlier on Slashdot), Microsoft has necessarily had to switch propaganda tactics.

    Instead, it is concentrating on making it easy and efficient for customers to obtain the security fixes and update their systems.

    That's funny...I've never had a problem with my Yast Online Update...

    "...patching, particularly for security, is not a 'Microsoft problem,' but something that affects all operating system and platform vendors," Hilf said.

    Nice straw man, Hilf. No one is claiming that non-Microsoft operating systems don't need to be patched. The issue is whether the patches are issued in a timely manner...or not.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

    1. Re:More M$ Hooey by IAmTheDave · · Score: 5, Interesting
      That's funny...I've never had a problem with my Yast Online Update...

      Nor have I had any issues with Windows Update on XP or Windows 2000/2003 Server or Professional. While patches may be a little lacking in expediency (sp?) it couldn't be easier to do. I love that I can have my office XP computer patch itself while my servers download but do not install patches without my explicit command. I can't imagine Windows Update - and especially automatic Windows Update being easier to use, even for non-power users.

      Right now, I think that OSX and Windows XP/2000/2003 really have the best in patching, with certain Linux distros being up there as well. Easily getting updates to users is no longer an issue, it's the speed/efficiency with which said patches become available that is to be compared.

      --
      Excuse my speling.
      Making The Bar Project
    2. Re:More M$ Hooey by m50d · · Score: 4, Insightful

      One difference - you mention office, but I suspect most software on a typical user's machine is not covered by windows update. Wheras as a gentoo user, everything on my machine is updated with one command. MS is doing well looking after their own products, but any application can compromise the system - they should try and get every windows program vendor using windows update.

      --
      I am trolling
  3. It may be good.... by Anonymous Coward · · Score: 5, Insightful

    It may be good to have lots of patches, but once you have a car where the duct tape weighs more than any other parts combined, isn't it time to just get another car?

  4. Uh, no. by Benanov · · Score: 5, Insightful

    How about, which vendor makes the patches unnecessary (i.e., few and far between) because it released a solid, working program?

    I don't want patch quality. I want program quality.

    I work in proprietary software. Most places that do proprietary software are overworked and quality suffers. (EA is an extreme example where workplace quality suffered as well as program quality.)

    In the places I've worked, everyone's too busy doing what they've been assigned and they're overworked because they're understaffed. Hiring more people means less money for the company so that generally doesn't happen.

    With FOSS, anyone can pick up the source if they have some spare time and hack away at it, and even if individual contributions are small, there's always someone with some spare time and a different view about how something should work.

    Once you start doing for money's sake, you spend more time worrying about your bottom line than about quality.

  5. anyone else think it's odd by subtropolis · · Score: 4, Interesting

    that the head of their "Linux and open-source lab" is also their "director of Platform Technology Strategy"? Why ever should that be?

    --
    "Our interests are to see if we can't scale it up to something more exciting," he said.
  6. efficient? by BushCheney08 · · Score: 4, Interesting

    ...but which vendor makes the patching and updating experience the least complex, most efficient and easiest to manage.

    My office recently donated some P3 machines to a homeless shelter. The process of wiping the drive and installing Win 2000(SP4) and updating it to be current took nearly 4 hours for one machine. This was a machine that had just the OS. I had to run Windows Update and reboot at least a dozen times. Each time, I'd select and install all patches available. Due to prerequisite patch dependencies, however, each update/reboot cycle would make another 10-15 patches available. Hardly efficient. You'd think they could roll it all up into one huge patch and make it available. (And yes, I can understand the need for some places to avoid certain patches - make that the option, not the norm!)

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  7. Flamebait? by Anti-Trend · · Score: 4, Informative

    ...maybe. Wrong? Not really. The only thing more rediculous than rebooting a workstation several times after a small batch of updates though is doing the same with a server. I'm going to get a tad bit off topic, but in the same thread of throught, so bear with me. Every time someone posts on Slashdot that Unices have better uptimes than Windows boxen, you invariably get a half-dozen disgruntled Windows admins spouting off numbers of how long their servers have been up. What they don't take into account is that if those systems have been up as long as they claim, the necessary updates have not been applied. Most Windows updates still require that a system is rebooted before the patch actually takes effect. Unix-like systems, on the other hand, are routinely patched hot, and typically only require a reboot in the case of a kernel update or invasive hardware maintenance. If Microsoft does finally fix the design flaw that requires one to reboot after nearly every patch, it will not be innovative so much as becoming more Unix-like in design.

    --
    Working in a DevOps shop is like playing in a band made up entirely of keytarists.