Slashdot Mirror
Microsoft Rushes Internet Explorer Patch
drquoz writes "Last week, it was reported that a critical security flaw was found in Internet Explorer. On Tuesday, experts were advising users not to use IE until a patch could be released. On Wednesday, Microsoft released the patch. An interesting quote from the article: 'Kandek suggests that Microsoft is at a disadvantage in updating Internet Explorer because its browser doesn't have a built-in update mechanism like other browser makers. Mozilla, for instance, just released Firefox 3.05 to Firefox users through its auto-update system.'"
Internet Explorer may not have an auto-update system, but Microsoft Windows has an update system rivaling that of Ubuntu and OS X in automaticness, if not scale.
Since Windows encourages users to allow automatic updates installed at 3am every morning and also by default installs any pending critical updates at system power down, it doesn't seem like any supported version of Internet Explorer should remain unpatched for too long.
If Microsoft had the same reputation that Mozilla did for their updates not screwing the pooch then maybe I would consider using that kind of auto-update feature.
Then again, I only use Firefox, and would never consider using IE. At one point do even common household users realize that IE is not the way to go?
No -- Firefox is at the disadvantage. If you're a single user running as administrator, its auto-update is great. However, the users (all running limited accounts) on our Windows/Samba network will have to wait until I install the new update manually because there is no built in mechanism for administrators to push out updates.
And should I use my cobbled together scripts to push out a security update for Firefox on the last day of finals when it might break everything, or should I wait until Monday?
On the other hand, the WSUS server that I set up worked exactly like it was supposed to last night.
Tightly bound indeed. I've been postponing the inevitable reboot all day long (GMT here). It's ridiculous to need a reboot just for a browser update.
Per application autoupdates are a horrendous pain. Each one has its own, completely idiosyncratic configuration mechanism, its own schedule, and its own behavior. A lot of them will run(but fail in various annoying ways) under limited user accounts, and they are utterly useless in an environment where firewalls or similar block application downloads on client machines.
I can understand why companies use them, since the alternative typically involves things sitting unpatched for ever and ever; but the whole thing is a mess. Hurray for package management.
IE is at a disadvantage because it doesn't have a built in update mechanism? Seriously?
IE updates are managed thru a single interface, windows update, and windows update is actually one small thing windows gets mostly right. I don't want every god awful program under the sun phoning home ON ITS OWN to god knows where and updating itself without my knowledge.
However I do want a convenient method to make sure I'm getting updates I may need from a trusted source. Windows update is better than programs phoning home on their own. Short of having an update repository for 3rd party apps like Linux distros do things, thats about the best you can hope for...
That is, unless you like the google software updater, apple software updater, etc, running all the time soaking up resources and generally being non-value added.
Overclockers
But does it check when you launch IE and install updates if they are available?
With Vista they've made it doubly annoying, as Windows Defender gets updates *all* the time. So if you've got it set to notify, you get a whole lot of nagging. If only you could pre-approve Windows Defender updates...
jh
FF needs a updater service that runs in the System context so that all FF updates can get installed without the user being logged on as an administrator.
I would never enable that feature on my PCs. The last thing I want Firefox to do is join the ranks of Flash, Java, Adobe Reader and iTunes with nagging auto-update services that always run in the background. Often the updates aren't even critical, I think many of those 'features' are pushed by marketing departments who want to plaster your desktop with as many of their logos as possible.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
If the user isn't bright enough to read the patch list, then why are you trusting them to selectively patch the OS?
Set windows update to automatic and be done with it.
I have yet to run into an average user with a properly working computer who has had a problem with something pushed through Windows Update.
While I would agree with you in theory, your ideas don't match up with what I've seen in the real world.
Until recently I worked in a mom and pop PC repair business. About 9 out of 10 systems I worked on were out of date, typically by a few months. I don't know for sure, but my guess is that users are switching auto-update off because can't be bothered with 'nag' messages from their software.
Granted, the machines I saw were generally dying, so it may not be a fair cross-section of home computer users. Still, the idea that 99% of home users should have new patches within a week flies in the face of what I saw every day.
Dangerous, sexy, turing complete: Femme Bots
Your comment shows ignorance.
When FF needs to install critical patches it restarts itself & conserves as much context as possible.
When windows needs to install critical patches it reboots the system & loses all context. Even if you delay the reboot to finish critical tasks the reminder that you need to reboot pops up periodically with reboot preselected. If you were performing an unrelated task & happen to hit enter at the wrong time the system reboots without saving your work possibly corrupting it.
I've seen it happen a few times & people do switch browsers after being burnt or seeing it happen to colleagues, but I suppose you'll just stick your fingers in your ears, close your eyes & mumble your prayers to the Redmond God to spare you...
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
Yeah, cause Active Directory scales great over the internet, and EVERYONE has a 100Mb connection or better at their place of business.
We're physically discontiguous and your solution, while what I would do (and have done) in single site or robust WAN environments, simply does not work with the tools I have at hand and the geographical barriers I have to hurdle.
So yeah, you pass the MCSE exam but fail the Real Life test. Not everything can be solved by dropping WSUS onto an underutilized server and defining a new policy object.
The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
I have Firefox running on Vista, XP, 2000, 2003, Mac OS X, OpenSUSE, Mandriva, Ubuntu, and others. Firefox versions 2 and 3.
My experience is that the Auto Update mechanism in Firefox is flawed. A number of these PC's never trigger to be updated even if they are months behind. One of my Windows 2000 servers often takes about a week before it's auto updated.
Experience shows that it doesn't check for an update at every launch. And that sometimes it gets stuck, something gets corrupt, and not until you ask it to check will it check again.
Granted, this is much better than most software. However the update mechanism needs work.
Microsoft signs/encrypts and then checks the IE package signature. As much as a dog Microsoft, their update mechanism is one of the best.