Slashdot Mirror


The Third-Party Patching Conundrum

An anonymous reader writes, "The Zero Day Emergency Response Team, or ZERT, stepped out of the shadows a week ago to offer a quick patch for the Microsoft VML vulnerability. eWeek reports that reactions to third-party patches have been mixed. Jesper Johansson, a former Microsoft security consultant, said 'I will not use the unofficial patch, nor can I think of anyone I would recommend it to.' ZERT has enrolled former White House IT security expert Marcus Sachs as a spokesman of sorts. He told eWeek, 'This patch is just another arrow in the quiver. These guys are some of the best-known reverse engineers and security researchers. It's a tight-knit group that has worked for years to make the Internet a safer place. This isn't a patch created by some guy in a basement.' And while MS did release an out-of-band patch this week for XP, ZERT releases updates for operating systems that are out of MS support: Windows 98, Windows 98 SE, Windows ME, Windows 2000 and Windows 2000 SP3."

2 of 63 comments

  1. No M$ bashing here... by xTantrum · · Score: 1, Interesting
    I could see arguments for both sides. Microsoft's own patches can usually be automatically updated without going to another website, but at the same time these third-party patches are usually quicker to be released, and I have to wonder, is it not like open source in the sense that many people are working on the same problem?

    These people obviously know what they're doing and, to be quite honest with you, I like to choose whether or not I update my system with the latest patch that may slow down my computer or install sh*t I don't need. However, that's for computer-savvy individuals like myself. However, I don't see this really happening with the masses. People will just turn on automatic updates and click on that irritating flashing icon in the system tray. Who cares what it is, it's obviously from M$ so it must be needed - so the thinking goes.

    --
    $action = empty(PHP) ? backToC() : unset(PHP) ; "when the concrete cases are understood, the abstractions are readily
  2. I'll use them by ancientt · · Score: 3, Interesting
    I don't know anything about them, but when I get back to work on Monday I'm going to investigate with the hope I can use them to keep my old Windows installs secure. If they're doing patches for Windows 2000 then I practically have to at least look at the option. If Microsoft were reliable and didn't stop releasing security patches for "old" OSs, then I wouldn't need to.

    I hope this really irks the people at Microsoft that make the decisions on when to EOL something.

    --
    B) Eliminate all the stupid users. This is frowned upon by society.