One Patch to Rule Them All
Tim Mullen, 2002-09-30

A recent XP security hole begs the question, do we really want Microsoft to release individual fixes for every bug?

One Patch to Rule Them All 2002-09-30
Anonymous (1 replies)
One Patch to Rule Them All 2002-10-08
Anonymous
Security patches are different 2002-09-30
Anonymous
One Patch to Rule Them All 2002-10-01
Anonymous (1 replies)
One Patch to Rule Them All 2002-10-02
Anonymous
One Patch to Rule Them All 2002-10-01
Anonymous
One Patch to Rule Them All 2002-10-01
Anonymous
RE: One Patch to Rule Them All 2002-10-01
Piroufreek
One Patch to Rule Them All 2002-10-01
Anonymous (1 replies)
One Patch to Rule Them All 2002-10-04
Anonymous
One Patch to Rule Them All 2002-10-01
Anonymous
One Patch to Rule Them All 2002-10-01
Todd Knarr
One Patch to Rule Them All 2002-10-01
mjc
Included in the recently released XP SP1 were patches and fixes for flaws that were discovered shortly after the retail release of XP; Microsoft released fixes for those flaws and vulnerabilities earlier. If they hadn't, but instead waited until the SP was released, some of them would have been left "open" for nearly a year! That approach would be entirely intolerable.

Waiting until enough patches are gathered together to form a "Service Pack" just plays into the hands of those who would exploit those defects. Patching each hole or flaw as it is discovered is a saner approach. You don't wait until your roof is missing most of the shingles to start a repair. You repair the damaged shingles now, and maybe 6 months later, you might still have to put on a new roof, but at least the damage to the rest of your house was kept to a minimum.

An earlier poster referred to Microsoft as treating security fixes as a PR problem. They do, because almost every one discovered is first met with denial by MS, then by "Oh, it isn't really all THAT bad...", and finally some sort of response, be it a patch or "Well, that version wasn't really meant to be secure, so you will have to upgrade to get the peace of mind you are seeking." All of which is a PR department's standard method of damage control...the problem does not exist, it isn't really a major one, shift the blame to someone/something else and finally do something (albeit half-heartedly) about it.




Link to this comment: http://www.securityfocus.com/comments/columns/112/16660#16660
One Patch to Rule Them All 2002-10-02
security@NOdsia.SPAM.com
One Patch to Rule Them All 2002-10-03
Darkphyber
One Patch to Rule Them All 2002-10-03
iDENTiTY
One Patch to Rule Them All 2002-10-04
Anonymous
He should have called this article "Flame Bait"... 2002-10-09
Anonymouse (1 replies)
"Flame Bait" 2002-10-09
Anonymous







 

Copyright 2009, SecurityFocus