I don't agree with your argument at all. The current MS strategy of delaying the release of fixes until they can be bundled into a roll-up, or SP leaves can leave the end-user vulnerable for weeks, months or even years. There is certainly an advantage to bunlding all of your security updates for a particular product at regular intervals. However, that should not replace the incremental/individual fixes even if they aren't considered to be critical at the time. Another important issue that you mentioned in your article is that people don't want to wait to download large monolithic security patches, especially those on slower links. Incremental patches can help in this area as they download quicker. These smaller updates can also be queued and downloaded in the background while users go about their business. Windows XP does this nicely, and can be configured to install automatically, or to prompt the user for confirmation before installation. It's not a perfect solution, but it will certainly help to catch those users who would otherwise be less likely to download those fixes.

-=darkphyber=-

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/112/16675#16675