Slashdot Mirror


Time to End Microsoft's Patch Tuesday?

buzzardsbay writes "Techtarget's resident security curmudgeon, Dennis Fisher, is calling for an end to Microsoft's monthly security patching cycle. Fisher points out that 'a hacker only needs one unpatched system, one little crack in the fence in order to launch a major attack on a given network. The sheer volume of the patches Microsoft releases each month makes it quite difficult for even the most conscientious IT department to get every patch out to all of the affected systems in a reasonable amount of time.'"

5 of 256 comments

  1. Otherwise known as... by ivan256 · · Score: 0, Troll

    Patch Tuesday - AKA: The day before the zero-day exploits are released.

    1. Re:Otherwise known as... by drinkypoo · · Score: 0, Troll

      Obviously take that with a grain of salt, since we've all seen the 'emergency patch after patch day' deal. Just my take.

      I've had THIS conversation repeatedly, too. My argument against is the same as yours - clearly, the QA is not effective. We've seen that time and time again. They don't even adequately test service packs!

      It's a great idea, but the evidence just doesn't support it. I'm not saying they're not doing QA, just that it's not what's stopping the timely releases. Besides, one of two things must be true; either the tests complete at different times, which means that some patches could be released earlier, or that some of the tests are being terminated before they complete, to make them all terminate on time for Patch Tuesday. I would of course suspect the former before the latter.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:Volume of patches won't get better by aichpvee · · Score: 0, Troll

    Also wouldn't hurt to take a lesson from Apple and scrap their operating system and start over with a *nix.

    --
    The Farewell Tour II
  3. This round broke live update... by Tmack · · Score: 0, Troll

    At least for me, I applied the "IE6 cumulative service pack blah blah blah" update that the Windows update thingy told me needed updating, rebooted, and about 5 minutes later, it popped up again, asking to install the same thing. Since I don't even use IE, I don't really care, I just wish the updater would quit thinking it needs to update what it just updated!

    tm

    --
    Support TBI Research: http://www.raisinhope.org
  4. Re:I have always wondered... by Zonk+(troll) · · Score: 0, Troll

    I haven't done any serious programming on Windows, but it seems nonsensical that patching security holes should ever break a properly-coded application to well-defined APIs. That's the problem. The vast majority of Windows software is, in terms of coding quality, utter and total shit. Especially educational apps, which I've had to suffer with for far too long. Business apps are likely as equally shitty, if not worse.

    This is why I love using Debian (servers) and Ubuntu (desktops). Everything just works. Updates just work, and no reboots are necessary.
    --
    "The Federal Reserve is a fraudulent system."--Lew Rockwell
    End The FED. -