Microsoft Plans Largest-Ever Patch Tuesday
CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008." Update: Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."
I am still worried about using Ebay to buy my star wars collectables from my Chrome Browser - http://it.slashdot.org/story/09/10/06/2118211/Null-Prefix-SSL-Certificate-For-PayPal-Released
The sun is the same in a relative way, but you are shorter of breath and one day closer to death
So it installs linux?
Yes, and kills problem users.
Does this mean that my Windows 3.1 box will finally get the DST update?
Last week's "critical updates" were two copies of Windows Genuine Annoyance.
Isn't Tuesday the first day back from a long weekend? Is that really the best time to do this? We'll be up to our eyeballs in password resets already. (How do people forget a password in three days?)
When our name is on the back of your car, we're behind you all the way!
I'm guessing windows 2000 isn't one of the operating systems that will be patched?
:(
I couldn't find details in the article, but since extended support has ended... RIP win2k
P.S. unless it's not affected by this? but I think there are previous vulnerabilities which haven't been patched too so maybe win2k is already dead and I missed the boat.
i got this awesome bug fix such that Outlook now says "This copy of Office is not genuine. Click here to learn more online." in an unremovable toolbar
can't wait to see what gets patched next!
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I'd like to see a comparison between the number of patches to Linux vs. Windows. :)
Which do I think is a better OS in terms of security and stability? Linux. But I tend to get tired of the "Microsoft releases so many patches, their OS is obviously bad" argument when it seems the whole development model of open source software (e.g., Linux distros) is that anyone can develop both features and patches, thus improving the software.
13 patches released at 13:00 of Tuesday 13. Windows sysadmins that day will have to pass below ladders, see a black cat cross in front of them and then break a mirror. But that will be nothing. The worst part will be when they turn on the computer, and see that windows is still running.
EVERY version of windows? Including windoze 95? I don't think so!!
Nope, that doesn't require a patch; it was built into the original release ...
is there a fix for popular '12345' Windows Live passwords ?
I'd like to see a comparison between the number of patches to Linux vs. Windows. :)
For just the kernel, or for a whole average distro? Which distro's kernel and which variant (e.g. SMP vs. uniprocessor) and which arch? (x86 vs. say, PPC or ARM)? Do we count all the optional modules, and what about the stuff that is out there which could be compiled-in, but usually isn't (e.g. Win4Lin extensions)? Are patches counted as individual diffs checked in to a CVS/SVN/BK repo source tree, or counted only if distributed .rpm/.apt packages by a vendor?
Otherwise, yeah, I can see your POV. :)
Quo usque tandem abutere, Nimbus, patientia nostra?
Will it make every PC that uses windows ME self-destruct?
Not likely, PCs running Windows ME probably don't have the power to do more than to self fizzle at most. I would personally be impressed if they let out the smallest little puff of smoke. I think the reality would be that they just refuse to power up due to shame.
Moved to http://soylentnews.org/. You are invited to join us too!
...and yes, I meant to say git and not BK. Stupid brain farts...
Quo usque tandem abutere, Nimbus, patientia nostra?
Does this include Windows 3.1?
Sleep your way to a whiter smile...date a dentist!
Fair questions, but easily answered: for whatever is being compared to in a Windows OS. Windows, as I recall, has a kernel, has components that are necessary, has components that are unnecessary, etc. It seems Linux fans easily lapse into thinking that Windows is one complete mess all bound into one, whereas Linux has messy parts but the core is great... but who installs "Linux" and doesn't install a "Linux distro." To be fair to Windows. I'd have to say you'd have to compare an entire Linux distro default installation to an entire Windows default installation... all software included in the iso, not the latest-updated-version-of-Amarok or whatever comes with it by default. Getting the latest Amarok version is just like getting the latest patch for Windows Media Player...
As for CVS/SVN/BK diffs and whatnot, that's hard to come up with... I have no clue how much code differences there are in a given Windows patch. For all I know, it's one single typo, but since it's a binary, the entire thing is built and sent over in the patch, right? So who knows? I would think, from an end-user perspective, it only counts as a patch if it's distributed in an easily installed format; e.g., as an update or as an rpm or included in the distro, etc.
Thanks for seeing my POV. :) hehe. I'm in an unfortunate position for my life on slashdot; I actually enjoy Windows OS's. And Linux distros. Awful, I know.
I don't like AIX though...
I blindly followed suit..
Computer will now throw itself out window. Press F1 to continue.
Funny may not give karma, but +5 Informative never made anyone snort coffee out their nose.
Yes, those users, too. ;)
No, it will only show the "Autodestruct" button. You still have to kill all monsters and hit it manually (with a fist) to have the PC assplode.
Nope, that doesn't require a patch; it was built into the original release ...
Yup. The hard drive with ME installation will jump out from the chassis, climb the refrigerator and rub itself all over the magnets.
Face your daemons!
http://blogs.technet.com/msrc/archive/2009/10/08/october-2009-bulletin-release.aspx
For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning.
I'll wager not just ME, but all versions that are not Windows 7.
Well.... ALL of them, as the 13 updates include office etc as well. Regardless if it's SMP or uniprocessor, it's a part of the kernel, if it's a kernel patch it has to be counted, otherwise it wouldn't be linux would it? At the end of the day 13 is for everything "in this batch", so if you're going to be counting linux bugs, i would count everything you'd consider linux, just because one distro doesn't include one part of the kernel doesn't mean you don't count a patch for it...
So it installs linux?
Yes, and it not only provides support for your hardware, but also provides child support and psychiatric support.
Face your daemons!
all software included in the iso,
You'd still be making an invalid comparison. The normal linux distribution includes multiple tools to do the same tasks. For example, most come packaged with both Gnome and KDE. It's pretty impossible to compare security by number of patches.
I'll wager not just ME, but all versions.
Fixed.
Here in the US it'll be Columbus Day. ...you nitwit.
Look, I know it's fashionable to make negative remarks about MS round here, but it's only fair to say 'well done' to them for bettering their previous high count. Hopefully they haven't run out of bugs to fix and they'll work hard to find and fix even more next time. Who knows, this time next year they could be fixing hundreds of bugs every month - and if we're lucky, some of them could be quite serious or critical - wouldn't that be just awesome!
Go MS!
AT&ROFLMAO
I was about to bitch about the submitter/moderator not RTFA, but it turns out, the article doesn't mention it either, so I'll clarify instead: thirteen updates are being released which together address thirty-four security vulnerabilities of varying severity across varying products (ten of which are targeted at Windows). So, that's NOT thirteen flaws (plenty more actually), just thirteen updates, some of which (all?) address multiple flaws in the particular system they are targeted at. Of course, this is just the advance notification, so full details about how many vulnerabilities each update addresses and the general information on them won't be released until the patches are next Tuesday. I think it's also worth noting (although the summary of course neglects to mention it) that the good aspect of these updates is that both major zero-day exploits (targeting IIS & SMB 2.0) are patched with these updates.
And while I'm posting, why does Slashdot insist on linking to shitty tech magazine articles (poorly) summarising the raw and accurate data straight from Microsoft? Seriously, I'm not sure if it's some sort of aversion to linking to MS, but they're the ones doing the patching, so it follows that they have the best, newest, most accurate data on them, and they'll likely be the first to provide updates on their content. These articles are just summarising what Microsoft has published on their various web-sites, and being a summary, they provide a lot more information and raw data:
Microsoft Security Bulletin Advance Notification for October 2009
October 2009 Bulletin Release Advance Notification
You..... you win. There is nothing better to be found on the internets than the image that put in my mind. Good game sir, good game.
Also, a lot of patches for linux software are adding new functionality. Not just fixing bugs.
Furthermore, what exactly is contained in one Windows "update"? As far as we know one windows update contains as many changes to the system as dozens of smaller patches in a linux distro.
But yeah, the idea that more released patches = less secure system isn't a very good one.
because as we all know, the concept of exchanging cash for digital content is solid unquestionable morality. meanwhile, if i were to assert that perhaps digital content reaches maximum economic value for its creators when it is valued at $0, that true economic influence is felt in the ancillary benefits surrounding the distribution of digital content, i'm just some sort of a kook
you could say i might even have something valid to say there, but microsoft plainly states it wishes to have cash in exchange for its digital content, and i have no right to abrogate that agreement. right, just like i have no right to question that the great grandchildren of the writer of "happy birthday" still deserve cash for someone playing that song somewhere. just like i have no right to question why a picture of a stupid mouse is still private property. etc.
you know what? i have every right to abrogate an "agreement" i was never consenting party to and see no logical, philosophical, moral, or economic coherence in
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The point the GP is trying to make is that they just aren't directly comparable. Limiting yourself to the Linux kernel is unfair to Windows, as Windows is much more than just a kernel. But comparing with a full distribution is unfair to Linux, as there is much more in a distribution than even Windows + Office + SQL Server + everything else that Microsoft Update covers.
Does it fix the problems with Windows 7? After reading this review of a pre-release download, I'm a bit hesitant to use it.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
So it installs linux?
Yes, and kills problem users.
Those users are not bugs they are a feature
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
A closer comparison would be between the number of patches to Linux vs. My bicycle tire.
I am using special exam software to take a grad school exam Wednesday morning. The version of the software which I'll be using was released TODAY. Would I be smart to turn off Automatic Updates on Monday, or is this just paranoia?
The number of patches and whether or not Windows or *nix requires more is pretty much a moot point. Both systems need to be updated regularly and both are vulnerable to automated vulnerability scanners that are being run 24/7 on compromised boxes. I won't re-tell the tale here, but you can check my journal if you want to read about the most recent tale of an Ubuntu box that I setup getting owned in under a month. Any OS that falls behind on patches becomes an exploitable target.
There is just NO comparison, Linux especially and all UNIX like systems are hugely more correct and stable than Windoze(TM) will ever be. Two reasons:
Bad and sloppy code gets found, fixed quickly, and is met with hoots of derision from other developers.
Certain FEATURES touted as a + for Windoze eg OLE never made it into Unix since their design required the OS to be broken by design and the developers declined to do it.
A couple of days reading LKML will show you how much chance a really bad idea, eg filetype based on extension, has of making its way in.
I run Internet facing machines with no firewall and get to spend about 5 days a year fixing problems eg defend the slow ssh attack.
you think strong ip laws makes the begging less necessary? man, i wish
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
> > I'd like to see a comparison between the
> > number of patches to Linux vs. Windows. :)
> For just the kernel, or for a whole average distro?
Neither is at all fair.
Comparing security track records for all of Windows against just the Linux kernel is grossly unfair to Windows, because it's got a good deal more in it than just a kernel, and many of its bugs are in those other components.
But going the other way (an entire distro -- say, Debian) is even more unfair, in the opposite direction, because Windows includes only a *tiny* fraction of all the software in a typical Linux distro.
I suppose it would be possible to pick out a set of open-source packages that approximately corresponds, in functionality, to what comes with Windows out of the box, but it would exclude so much really *basic* stuff (from the perspective of a Linux user) that it would be extremely atypical and not terribly useful or meaningful. I mean, unless you're trying to fit on a floppy disk or something, what would be the point of a Linux distribution that doesn't even include a perl interpreter?
So all in all I'm not sure there's any really meaningful way to compare the number of bugs noted or patches issued.
You *could* compare the average amount of *time* it takes for a fix to be made available once any given (security-relevant) bug is discovered. I think we all have a fair idea which way *that* would turn out.
Cut that out, or I will ship you to Norilsk in a box.
So it installs linux?
Yes, and kills problem users.
Can't be, it says it only fixes 13 flaws. I have more problem users than that.
I'm guessing windows 2000 isn't one of the operating systems that will be patched?
You're guessing wrong.
For details and a full listing of the affected software:
Microsoft Security Bulletin Advance Notification for October 2009 [Oct 8]
Yep. Nothing maximises profits like paying people to develop a huge patch, and then providing the bandwidth to distribute that patch free.
Unless, of course, your comment was a subtle parody of anti-MS crowd. ;)
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
I don't know that anyone is saying "Microsoft is bad because nobody should have to release 13 patches on one day" or whatever the number is. I think there are a couple of valid concerns, around issuing a set of patches that require a reboot on the first day back from a long weekend, for example. I'm also a little pissed off and confused, now that I'm using a Windows machine again for work, that when I came in for work today (Friday morning, we're 1/2 day ahead of USA), my machine had been rebooted in the middle of the night. Windows had decided it needed to reboot after installing "updates." My overnight download of a couple of movies for the weekend was, of course, stopped and not restarted. My linux machines never do anything like that without asking my permission, and if they are rebooted they come back to the configuration they were in before. I can't seem to get this windows box to do that either. Just nits, but the more I use both OSes, the better linux gets. Once (if) KDE gets stable, I'll never want to look at a windows machine again.
The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)
As usual. You breathed on the PC, or you installed a mundane office app, time to restart the computer! I wish all Windows users would familiarize themselves with a good Linux distribution or other Unix/Unix-like system. Even if they decided they didn't like Linux and preferred Windows, at least this would disabuse them of the idea that any non-kernel update has a good reason to require a reboot to complete the installation. Then they would have some education as to what to reasonably expect, and the pressure placed on Microsoft might even advance the average users' experience a bit. The whole problem with Windows is that the average person thinks its quirks, shortcomings, and examples of plain stupidity are normal, as though they were the inescapable reality of operating a computer. They are not.
Also, maybe someone can help me out here. Why the hell does Windows Update often aggressively use 100% CPU when running in the background? By "aggressively" I mean it will tremendously slow down anything else you are doing (not at all the same thing as a low-priority task that can use 100% CPU when nothing else wants the CPU). I can boot Linux on the same PC and update not only the core OS (which would be similar in function to Windows Update) but also every last installed application without that kind of system load, without any noticeable slowdown in any regular applications (browser, office software, e-mail client) I use. Frankly, I know this will make some of the more narrow-minded folks automatically assume I am trolling, but here's the reality: I see too much shit like this to take Windows seriously or to consider it an equally viable option compared to Unix. The techies and others I know who really like Windows and think it's great couldn't perform the most basic system administration tasks in any other OS, which tells me that they have no real basis for comparison, that their opinion is not an informed one. If someone with a wide variety of experience with alternatives wants to speak up and tell me why they really like Windows, why it's not substandard compared to any other modern system, please do, but good luck to ya.
LoL.
Sorry, I know we're not supposed to feed 'em..
Requiem for the American Dream
So where are the instructions for the patch party?
thegodmovie.com - watch it
Here's what you do: set up a WSUS server, set it to check for critical or important updates, sync and then check back every patch Tuesday for an updated list. FYI... There are thousands.
The game.
PROTIP: That's actually a usage error. He (or she) spelled "metal" correctly.
That said, I've had no issues with five different webcams functioning properly under Ubuntu, without having to compile anything. I believe this is commonly referred to as "It Just Works(TM)".
Additionally, I'll take "knowing about vulnerabilities quickly" over "having somewhat fewer vulnerabilities that are publicly disclosed, leaving out problems Microsoft doesn't feel like informing the admin community of until exploits are already being used in the wild" any day.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
Does this mean they're releasing Windows 7 a full 10 days early, then?
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Geez, no one has a sense of humor here, especially regarding a Microsoft v Linux joke. I must be in the wrong place.
The flaw is in the methodology, not in the number of users.
For example, if there's an error in the filesystem driver with corrupt blocks, the fix is just in the driver's behavior, not in the number of blocks that it fixes.
Obviously, one of those fixes is in how you kill your users. While firearms work very efficiently, bullets are expensive. Go for rapid blunt force trauma. Training is mandatory. Too much force, and you get blood splatter. Too little force, and they're just annoyed. ("hey, stop hitting me").
Serious? Seriousness is well above my pay grade.
I'm not sure if this was an attempt at trolling, or just random wtf-age, but I was legitimately amused by it.
I notice you failed to include "useful" when you called them features. Does that mean they fit into the "inSecurity Center" and "User Accept Conditioner" category?
Just finished reinstalling 7 x64 and I gotta say, all said and done ~half of the "useful features" are now disabled. I wish they would maybe drop the proven less-than-useful services while they're adding more unuseful services.
***Lo and behold, the scary-useful "An unauthorized change was made to Windows. Windows must be reinstalled" feature just popped up. Gotta go...
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
The geek is pissed off by what to anyone else is over and done with one or two clicks of the mouse.
Or quite often turned off and never used again.
It is difficult to get a man to understand something when his job depends on not understanding it.
you can make a movie for $100 million, and make a nice profit in THEATRES. where you sell TICKETS
television was supposed to destroy theatres, then the vcr, then the dvd, then the internet... and there's always more money in it, even with all the cell phones and crying kids. people love the cinema
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Believe me ... I've sat and recompiled Spca5xx for a roomful of PCs after the monthly Linux updates. Last time I did it was less than a year ago.
Is it in the kernel now? Maybe ... I don't use Linux much these days.
No sig today...
...so far!
The CB App. What's your 20?
addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."
Great... 34 restarts... :P
ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
and your point?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Seriously, I hate when they release that many patches at once. I'd rather have all Windows one day, all Office a few days later or something. Two of the more recent big patch days, I had Windows problems (Made some computers slow to a crawl) and Office (Your software is illegal..what? They are all legit copies) problems on different computers strewn throughout the office. 16 people all demanding of me that they need to get their work done RIGHT NOW is rough to deal with. Of course, I could stagger the computers which get updated...but that isn't the point. ;)
Redhat Linux has more different patches in 6 months, than Microsoft has in a few years. That doesn't make it less secure. In fact, most critical Redhat patches fix local privilege escalation issues. Redhat and most Linux distros, even with ample software installed: rarely have remote security issues that might possibly be exploitable by an unauthenticated user.
Usually, Linux is at risk, primarily due to weak choices of passwords, third party applications (web apps), and admin misconfiguration (e.g. making a directory under a web document root world-writable, or writable to the Apache user).
With Windows on the other hand... there are frequent remotely exploitable vulnerabilities in core system components and network services enabled by default (such as the kernel, RPC services).
Microsoft doesn't even generally treat local privilege escalation issues as critical, sometimes they even ignore them.. e.g. "not a security boundary we defend.". There are ample examples of security vulns MS has treated as important that later turned out to be major problems.
In fact... it's quite the opposite.. Windows is so insecure, not because there are many patches, but because the OS needs so many patches to be secure against remote exploits, and because it doesn't get all the patches it needs, because MS cannot seem to ever catch up with the reported security vulnerabilities.
Windows would be more secure if more patches were available to fix the bugs, and Windows users installed them reliably.
A fully patched Windows would be more secure if patches were released for a larger percentage of vulnerabilities.
If Microsoft only decided to acknowledge 1 report of a vulnerability per year, and only allow 1 security bulletin per year to be released, it would not make Windows more secure.
In fact, Microsoft doesn't release enough patches for Windows frequently, and that's part of what makes Windows insecure, because a fully patched system almost always has unpatched flaws that are known to the public, but MS dismisses or delays the patch for one reason or another (e.g. the NUL Prefix SSL Certificate bug reported by Kaminsky and Marlinspike in July, 2009).
Or at least patches to Win2K would be nice, maybe some working timezone data.
I also would highly recommend Microsoft release patches for Windows 3.11 to fix flaws in Win32s, and perhaps add IPv6 to Wolverine (winsock 1.1 for Windows for Workgroups)
“Common sense is not so common.” — Voltaire
A Linux box being used to scan for stupidly weak SSH passwords, you don't say how they broke in.
So the obvious answer is that you used a stupidly weak password too.
So what?
My Ubuntu Jaunty desktop downloaded 130mb of updates last night. And this isn't the first time either.
I didn't see the /. community getting their knickers in a knot about it
Exactly, it's such a tiny cost and it paints your company as caring about the stability and security of the consumers' machines.
It means your salesmen can point to these stats, just like you have, and say "we spend our hard earned money to fix your problems".
Of course you must never even hint that every patch is actually a failure in the system that's supposed to exist to prevent broken software from ever being released.
Windows is more patch than trousers.
Tempora mutantur, nos et mutamur in illis
They have one main use.
They contribute about $12,000,000,000.00 per year towards making Windows the most stable, secure and innovative OS on the planet.
"I've got more toys than Teruhisa Kitahara."
I don't know what you are talking about. I have been running ME for more than five years and it is still chugging alo
...an update system that works when the user wants.
This is truly the linchpin for the year of linux on the desktop. users will only get security updates when they want to. Just like when they got infected because they wanted a set of shiny new mouse cursors.
That's it! If we want users to be more secure we should distribute critical security patches in the form of new mouse cursors, smiley packs or screen savers.
Just think, tell the users "Click here to see the happy kittens" and bam, push the latest security updates on them.
I should patent that...
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
weird
Celebrity worship is a poor substitute for Deity worship and costs more to boot.
nice strong bad reference
Obviously, you were lucky enough to never encounter the following error message:
Computer will now throw itself out window. Press F1 to continue.
But I have encountered the almost zen-like error message:
"Error: the operation completed successfully."
It occurs in Windows 3.1, 95, 98, 2k, and XP (have not tried ME, NT, Vista, or 7).
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Or quite often turned off and never used again.
How many users do you - really - think care enough to turn it off?
I think there are a couple of valid concerns, around issuing a set of patches that require a reboot on the first day back from a long weekend,
Just change your Windows Update settings to "Download updates for me, but let me choose when to install them". That way you have complete control over when the reboot happens.
So we get a patch of 10gb right? largest-ever-patch-tuesday or largest ever patchtuesday seems better to me.
i've seen that exact troll several times - it's copy/pasted probably from some alt.coprophagia newsgroup or something
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
This is truly the linchpin for the year of linux on the desktop. users will only get security updates when they want to. Just like when they got infected because they wanted a set of shiny new mouse cursors.
As opposed to when the updates arrive, and you are in the middle of doing something, yes. I apply all the updates regularly, Not a problem. A few clicks and the job is done. And are you going to somehow explain to me how waiting a few minutes or even hours, as opposed to up to a month for an update is so terrible? And how come only Windows users keep expecting to see the year of Linux?
Of the two methods, which do you think is more likely to get turned off completely?
Updates on Linux are not a chore like they are on Windows. The interruption is minimal at worst. You just keep doing whatever you were doing while the updates download and apply, and when you turn off the computer, the next time it is turned on, the updates that actually need a reboot are applied. Why would anybody even bother ignoring it?
That's it! If we want users to be more secure we should distribute critical security patches in the form of new mouse cursors, smiley packs or screen savers.
Just think, tell the users "Click here to see the happy kittens" and bam, push the latest security updates on them.
Not a bad idea at all. Make it even slightly interesting, and many will do the updates a lot more willingly.
Obviously not as good as the "Oh shit.. I forgot to save the document before I went to make a sandwich" surprise that happens now when the computer automatically reboots. Or the always popular "Windows wants to update NOW!!!" message right in the middle of an important presentation.
Let's be honest here. Even the most illiterate user will be motivated enough to turn the automatic updates off after the first few times this happens. I've seen it happen. Just as they do with virus scanners and firewalls when they get in the way, and just as the UAC checks result in automatically clicking "yes" every time they appear. And once turned off, no more problems with updates. No more updates.. Brilliant plan eh?
It is difficult to get a man to understand something when his job depends on not understanding it.
How many users do you - really - think care enough to turn it off?
Given the number of people I've come across who do, I'd say quite a few. Or are you trying to claim that these same users obediently apply all updates all the time?
It is difficult to get a man to understand something when his job depends on not understanding it.
To make it an apples to apples comparison, don't use windows as benchmark and try and add stuff to linux to make it look like windows
Why not?
Though IMO windows+office is quite comparable to a normal desktop install of most linux distros.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
If the system hasn't been patched as of Monday night, there is no real danger to leaving it unpatched until Tuesday night. You're not required to implement a patch the second it's available. Code your patch and reboot to occur at 2am local time. The only people who get bunched about "when" updates happen to require a reboot are Linux folks who don't understand how Windows works or do, and just want to M$ bash. I've only been inconvenienced by a windows update once, and it was on my personal workstation - I happen to have my cursor set to jump to the default value of dialog boxes, and windows popped up a dialog with the option to reboot just as I was clicking in another window. Oops. I lost almost 8 minutes of working time waiting for the system to come back up - well, 8 minutes if you count the time I spent getting a coffee refill.
As for your movies - damn. Not only do you not know how to manage your winbox for updates (how much simpler can it get?), but you don't know how to auto-restart a download in the middle after a failure. Now, you might have a dual redundant UPS and an autostart generator with 72 hours of fuel powering your PC. If you do, then good for you. Otherwise, you can hand in your geek card on your way out the door. ;-)
Is it just my observation, or are there way too many stupid people in the world?
13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning
13 and 34 ...
So does that mean 47 restarts?
Getting the latest patch for Microsoft Office is like getting the latest patch for OpenOffice.org. Microsoft Office isn't part of Windows, but OpenOffice.org is part of most Linux distros.
all software included in the iso, not the latest-updated-version-of-Amarok or whatever comes with it by default.
No. Just no. The typical Linux distro comes with how many media players? And two or more database applications, where SQL server bugs would not get counted, because Microsoft makes you pay extra for them.
The only fair way to do it would be to compare $default_Linux_app_which_does_x to %default_Windows_app_which_does_x%.
Nope, that doesn't require a patch; it was built into the original release ...
Yup. The hard drive with ME installation will jump out from the chasis, climb the refrigerator and rub itself all over the magnets.
But that may ruin my magnets!
install them on friday, that'll make it friday the 13 ;)
Never anthropomorphize computers, they do not like that
Define "average distro". Median? Mode? Mean? By installations or by simple existence? If mode installations, then yes, you're debatably right (although comparing dd, mount and umount with Nero is a bit of a stretch). The problem here is the vast difference in aims of Gentoo, Arch, etc. vs Ubuntu, Fedora, etc.
Disgusting...
Here be signatures
Maybe you could compare everything updated by Microsoft Update, to the equivalent programs in a typical Linux distro (take the most popular if more than one does the same thing?) Or Windows kernel patches to Linux kernel patches?
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
Wow, yeah, when you said BK, I thought I would take the initiative and get off your lawn.
I know Microsoft is often poked at, especially around these parts, for having so many vulnerabilities to patch, but at least they're on the ball doing it. Not to mention, automatic updating has been the de facto standard now since XPSP2, so nowadays it's pretty hard not to be somewhat up to date. So my OS pulls down a batch of updates once or twice a month, big deal... I think Microsoft has done a good job with the hand of cards they've been dealt.
Not to mention, WSUS in the enterprise is an excellent, free tool for centrally managing patch deployment.
Number of patches and vulnerabilities aside, I think MS is a standout leader in this category.
and this too is a "lie", there are and have been updates that Microsoft has pushed that forced a reboot after installation - this was on all machines with windows update service running no matter the state chosen - ie. "Notify" "Automatic" or "Download but do not apply". what windows user has not come back to a computer only to have the little green icon in the lower rh-side telling you "Windows has been recently updated click here for more information"? And that is the problem, Microsoft has proven they can reboot your machine remotely - what else can they do??? I myself turn off the update service and use Heise's ctupdate, a magnificent tool.
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Are you a CS major? If so, please focus on calculus for a while, and leave the arithmetic for the mathematicians!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
I actually disabled passwords and had shared keys setup with OpenSSH. I remember reading something on here a couple of months ago about a vulnerability in OpenSSH. Since I just installed whatever was in the 8.04 repository and never updated it, I'm fairly certain that is what was exploited.
I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.
Kernel issues still require a reboot.
Kernel issues do not always require a reboot.
Most of the time you can have a run-time patching within a separate LKM (Loadable Kernel Module).
Check this out for some more info about run-time patching
Read and Comment at my BLOG
!!!
Or maybe we should just realize that apples and oranges are just too dissimilar to compare effectively.
That isn't just common to Windows. Linux and other UNIX-alikes frequently have the rather paradoxical "Error: Success" (which I have also seen on Windows). I suspect there's something similar on the Mac. The reason behind this, incidentally, is when a command reports an error but doesn't give the reason (or it does give the reason, but it gets clobbered before being shown to the user because it's stored in a global variable: yay C design faults). This leaves the error code at "no error", which is translated into "Success" (or "the operation completed successfully") by the (standard library) code that translates error messages into strings.
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
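The "Error: Success" effect described in the comment above, reproduced as an added example (not part of the original thread). `parse_verbosity` and the missing path are hypothetical names constructed for the demonstration; the buggy function reads `errno` only after an unrelated call has reset it, while the fixed one copies it immediately after the failing call.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: parses a verbosity setting. Setting errno = 0 before
 * strtol() is the standard idiom, and it wipes whatever errno held before. */
static long parse_verbosity(const char *s)
{
    errno = 0;
    long v = strtol(s, NULL, 10);
    return errno ? 0 : v;
}

/* Constructed path that should not exist, so open() fails with ENOENT. */
static const char *MISSING = "/nonexistent-dir-for-demo/file";

/* Buggy: the global errno is consulted only after another call has run. */
int report_clobbered(void)
{
    int fd = open(MISSING, O_RDONLY);
    if (fd >= 0) { close(fd); return -1; }
    long verbosity = parse_verbosity("1");   /* resets errno to 0 */
    int seen = errno;                        /* too late: the reason is gone */
    if (verbosity > 0)                       /* glibc renders 0 as "Success" */
        fprintf(stderr, "Error: %s\n", strerror(seen));
    return seen;
}

/* Fixed: copy errno into a local right after the failing call. */
int report_saved(void)
{
    int fd = open(MISSING, O_RDONLY);
    if (fd >= 0) { close(fd); return -1; }
    int saved = errno;                       /* ENOENT, safe from later calls */
    long verbosity = parse_verbosity("1");
    if (verbosity > 0)
        fprintf(stderr, "Error: %s\n", strerror(saved));
    return saved;
}

int main(void)
{
    printf("clobbered=%d saved=%d\n", report_clobbered(), report_saved());
    return 0;
}
```

The exact text for error code 0 depends on the C library; glibc prints "Success".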
Not too many media players, actually, unless you choose to do an absolute complete full install. I should have rephrased, I didn't mean all software included in the iso as in installing all of it - I meant only getting it from the iso. Default installation is good for me.
I'm not saying it's perfect. I'm just saying the "M$ RELEASES SO MANY PATCHES!!!!1" response is, to me, disheartening and does the Linux community a disservice. It only raises the perception of a "dude, open source developers are so much better. we have so much better software. the only reason people don't use it is because M$ is an evil corporation trying to bring down the world" attitudes.
In reality, I'm not sure MS releases that many more - if not many fewer - patches than goes into a Linux distro after the Linux distro's release. All software included... as the "normal user" would use it/perceive it. Amarok "came with Linux" just like WMP "came with Windows" to a "normal" person :)
Never make fun of a man's wife, job, or religion. You may have touched all three nerves there.
Never go for funny unless you don't care about karma!
Free Martian Whores!
Who counts the vulnerabilities, and how? You can't really count them the same way, since Microsoft can just keep quiet about unexploited vulnerabilities, and you can't just count exploited vulnerabilities since a given vulnerability, once known, is much more likely to be exploited on Windows than on Linux. I'd call it impossible to do an apples-to-apples comparison.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
I didn't get an equivalent to Visual Studio with my Ubuntu install, but I'm pretty sure I got Apache, which would add IIS to the typical Windows install. It also wouldn't be surprising to get one or more equivalents to SqlServer, and some do provide multiple replacements for Visual Studio.
The standard Ubuntu distro provides patches for a large amount of software I've got, while Windows Update just updates Windows and IE and a few other things.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
"That said, I've had no issues with five different webcams functioning properly under Ubuntu, without having to compile anything. I believe this is commonly referred to as "It Just Works(TM)"
Try that under 64-bit Ubuntu. Logitech Quickcam EMessenger, Lifecam VX-1000/3000/6000, none work in 64-bit Ubuntu. I try every day.
But they'll work just fine in 32-bit.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
if i build a fence, i deserve to get paid
if i make a movie, i deserve to sell tickets in a CINEMA
if I PUT IT ON THE WEB, i deserve to have free advertising for my supposed skills as a moviemaker, and entice some to go to the cinema to buy a ticket
if i put a program on the web, i deserve to get a job to customize that program for a corporation's specific needs, make my resume look awesome, and become influential in my field. all of which translates into dollars in my pocket far better than setting up arbitrary, easily broken tollbooths between digital content and internet users, who expect, and deserve, unfettered access
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
What it does have is an update system that works when the user wants. Not when Microsoft demands. This is the difference.
Windows update used to work like that. As soon as an update was tested, it went on the Windows update server. Then they discovered that, for undisclosed vulnerabilities, attackers were just running diff on the binaries to find out which functions had been changed, decompiling them, and producing attacks. By scheduling updates for the same time every month, they made it easy for everyone to update quickly, so most potential targets for malware have been patched before the vulnerability can be reverse engineered.
This doesn't really apply to a Linux distribution. The upstream sources will have been fixed first, and people can look at the public repository to see the vulnerability just from reading 'security fix' in the commit logs. It then takes a while for each distribution to update their packages.
I am TheRaven on Soylent News
Like BITS and Shell Hardware Protection, you mean? Or was it the 3-5 services required to run Remote Access/Remote Desktop properly(IF it has been enabled through cmd/safe mode prior)? Maybe the firewall that only works one way? I know the 20-40 ways Win calls home is vastly important for MY privacy and security. How do I know these are all integral? b/c I have been disabling&replacing them in MS for years.
the most stable, secure and innovative OS in the universe.
Fixed that for ya, I will not report your lapse to the mothership... this time.
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
Yep. I'm a Linux (Gentoo preferred) user who switched back to Windows simply due to stability issues and I have well supported hardware (Intel Board and C2D). Simply put, I got tired of a damn update fragging K3b or Kmail or something else that was a critical app and no unlike many Gentoo users, I didn't believe in pushing 11 on the system, going for very conservative optimizations, using Os as my default (Optimize for Size). It was recently after a Crash Log Review that I determined that both Linux and Windows in 64bit flavors simply ain't ready for the desktop, even though both work great on servers due to the limited functionality. Face it folks, update one core component on a 64bit desktop and likely you'll break at least two apps, which happened all too damn often for my peace of mind.
Because of this, I pulled 3 sticks of memory from my desktop and dropped back to a meager 2GB and installed Win7-32, which seems to be pretty stable. Even XP/Vista/Linux are all pretty stable for 32bits, it's just that the 64bit versions still have quite a few speed bumps and I got tired of having to fix either of them on a regular basis.
Mod me up/Mod me down: I won't frown as I've no crown
Obviously modded by a Microsoft shill.