, 2003-09-15
The software-maker's dismal security record seems to have left it immune to criticism and shame.
Does Microsoft Give a Damn?
2003-09-15
Anonymous (6 replies)
Does Microsoft Give a Damn?
2003-09-15
Anonymous (1 replies)
Don't Hold Strong Opinions About Something You Do Not Understand
2003-09-15
Anonymous (5 replies)
Don't Hold Strong Opinions About Something You Do Not Understand
2003-09-17
Billgatezebub is TEH DEVIL (1 replies)
We Must Do Our Job
2003-09-15
Sean M. Lynch (2 replies)
Patch, reboot, patch, reboot....
2003-09-16
Anonymous (1 replies)
Useless rhetoric
2003-09-15
Anonymous (2 replies)
If only Linux required as little as 38 fixes.
2003-09-18
Scott G (3 replies)
If only Windows allowed scripting w/o the security headaches.
2003-09-18
Anonymous (1 replies)
If only Linux required as little as 38 fixes.
2003-09-19
Anonymous (3 replies)
Of Course They Dont::Does Microsoft Give a Damn?
2003-09-18
Linux, Torvald. Mr. Linux Torvald to you. (1 replies)
Does Microsoft Give a Damn?
2003-09-19
Anonymous (1 replies)
Only two Suse patches?!?
2003-09-19
Anonymous (1 replies)

I'm saying that Microsoft has more patches out for their OS's than any other software provider, bar none.
This isn't true, at least when it comes to security specific patches - but - when it comes to most Windows admins it doesn't really matter who got the most/least patches out. Problem is they don't get installed period. Please read on and I'll explain.
Gary writes further:
The problem comes when people try to use Microsoft in "real companies" - IE, not a 20 PC shop run by someone who "knows computers" and got their favorite certification.
I'd like to think of my company as a "real company", with our 15'000+ clients and a few hundred servers. And yes, I do have a whole alphabet of certifications. (I'm the guy who wrote the first post).
Gary then makes a very valid statement:
I guess people can say "oh, you didn't run out and install the fix when daddy said so!" Well, unfortunately we can't afford unscheduled downtime, and I refuse to down servers every other week
I agree one hundred percent. But not all Microsoft patches are important. Why patch IE on a server that can't reach the internet (or other web servers)? However, when a patch like this RPC-DCOM comes along one really should drop everything and test, re-test and then deploy.
But this isn't what happens in most Windows shops (including the very large ones). One of my customers came crying that they've been torn apart by blaster. I went over to help them out and what do you know. Most of their servers (Win2K) were running SP1, yes, that's correct Service Pack 1, released years ago. They thought they were safe cause their firewalls were running on linux (their quote, not mine).
They were quite mad of course and vowed to port all their servers to linux as soon as possible.
Now think about that for a moment.
How often do you think people like that are going to patch their linux (or any other non-MS) servers?
This is what I fear is the worst problem with Windows based admins. The lack of interest in patching up (and locking down). Moving to another platform will not solve this. And if enough of these people move to then soon you will see not new blasters coming over the horizon, but a specific worm.
And Gary, all MS patches can be installed, scripted and run from the command line ;)
Link to this comment: http://www.securityfocus.com/comments/columns/185/22337#22337