Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Won't Offer Patch Before Worm Strikes?

Posted by Zonk on from the i-object? dept.

techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems."

3 of 274 comments (clear)

  1. Simple answer by nurb432 · · Score: 0, Redundant

    Pay up to Guido or bad things might happen...

    --
    ---- Booth was a patriot ----
  2. Standard Corporate MO by Jerrry · · Score: 0, Redundant

    Microsoft is a corporation. Their goal is to make money for their shareholders. What they've done here is weigh the risk of bad publicity if they don't fix this worm before it activates versus how much it would cost to fix it now. They apparantly feel that the risk of bad publicity outweighs the cost of the fix.

  3. Re:The constant hate... by Last_Available_Usern · · Score: 0, Redundant

    I'm not even worrying about the turnaround time, I'm talking merely about the fact that they won't even let you download a single patch from them unless you pay to access their Metalink site. Thre are lots of pieces of software that use Oracle as a backend, and the vendor's integration of Oracle's patches is sometimes unacceptable to the point where you want to get the native Oracle patch and just apply that directly to the product and take your chances (PTC's Intralink is a prime example), but you can't, because your license is through the vendor, not Oracle. I would liken that to nVidia saying, "We're not going to let you download and use reference drivers anymore, unless you pay us a fee, even though you have indirectly paid us a fee by purchasing the product that contained our chipset."