Microsoft has now decided to have a period.
Well, not really, but it seems awfully similar. For those that don't keep up with these things (from those who do), Microsoft has now issued a new policy for their updates. Security bulletins will now be released on the second calendar Tuesday of every month. [Except when Mercury conjunction Saturn - and then they'll release an emergency patch to battle the forces of evil.]
Is this good or is this bad? Well, it depends on your perspective. The Security Bulletins were being issued weekly. This meant patching and rebooting every week. [Users hate when you reboot their computers on them...perhaps we should warn them? Nah...it keeps them awake and on their toes!]
Personally, I liked the weekly updates. I knew the systems were kept current and we could schedule SUS to reboot on the weekend. What I didn't like were the "chicken little" type emergencies created by the higher headquarters every Thursday. Sometimes reporting that your network is patched becomes more of an effort (in futility) than patching the system itself... And, of course, the users blamed us for the constant reboots -- even if they weren't around when it happened and weren't actually inconvenienced....they could have been inconvenienced -- and the mere potential is reason enough to spit venom at the LAN Shop. Ptui!
So now the users are getting their way. We won't interfere with their important
surfing research... yeah, that's the ticket; it's research. Now they will only be interrupted once a month. Isn't that nice?
Oh, wait... I guess instead of 2 or 3 patches a week, we'll be installing about a dozen patches a month. Hmmm...I wonder if any of those patches will be those "special" patches? You know, the ones that have to be installed separately and require their own reboot.
If they're going to put out a monthly update of patches, they should roll those patches up so that you can install them in a bundle. But, nooooooo.... the philosophers of Microsoft believe in free choice. You should have the choice to install or not install each individual patch. Individuality = Freedom. Let Freedom Ring! I'd like to let freedom ring...I'd like to let it ring around the necks of the...oh, nevermind... it's a waste of good rage.
I can understand why they're trying this method. People are complaining. Admins are saying that there are too many patches to keep up with them all. Perhaps they figure a monthly visit to the desktop with a CD is more feasible for the smaller sites (vs weekly desktop visits). And maybe they're right. Perhaps it will lend itself to the utopian patched world that they envision....
But, maybe not. What about the vulnerable machines? It seems to me that this would lengthen the discovery to patch time -- aiding malware creators. Once a vulnerability is discovered...it gets out --- FAST! Virus writers have from the time of discovery until the time a patch is released to infect ALL computers with new code. Once a patch is released, the number of vulnerable computers drops dramatically. And now they're talking about taking LONGER to release patches? Huh? Which side are they on? *confused look*
I guess it's yet another sacrifice of security for the sake of convenience.
Posted by BlueWolf on October 27, 2003 07:11 PM