Microsoft Increases Security By Patching Less
from the counter-intuitive dept
Let's see if we can follow the logic on this one. Because Windows systems need to be patched on a very regular basis, people are concerned about Windows security. Microsoft has responded to this by announcing it will now release fewer patches. Sounds counterintuitive. However, the reasoning isn't that bad. Basically, most folks don't patch their systems that often, because the day after you patch, it seems like another patch gets released - and if you're just going to spend your days updating your system, why bother at all? Thus, the thinking is that if Microsoft only releases patches once a month, it will be a bigger deal (patch party!) and people will be more willing to install them. Of course, that does mean that security holes and bugs will remain open longer for those who normally do patch quickly. Microsoft claims that many hackers are using the patches as a blueprint for exploits - so getting more people to patch regularly, rather than patching often, should protect more machines. Not sure if things will actually work that way, but it's an interesting theory.
Reader Comments
No Subject Given
The key thing is that if an exploit is out in the wild, you have no choice but to release the patch.
Institutionalized Patching? It could work.
Critical Updates ...
On the other hand though, I sort of like the idea that Microsoft appears to be leaning towards a defined distribution of patches. If we have to slog our way through constantly patching the product @ least we can make it a part of our monthly tasks and schedule appropriately for this task. As it stands now, every time there is another security issue we get stuck having to place everything else on hold in order to attempt to protect ourselves.
Re: No Subject Given
Or how Microsoft fixed RPC DCOM in MS01-048, MS03-026 and MS03-039, only to have it come out again this week that RPC DCOM is vulnerable to the same bug, just that the mechanism to get to it has changed. I swear, Microsoft appears to be fixing the code solely to make the exploit not work, not actually fixing the vulnerability!
Just another reason why closed-source security being more secure than open-source security is a farce, if the open-source folks fixed the exploit instead of the vulnerability, then everyone could see that they are idiots. With closed-source, only the bad guys can see that they are idiots, but they are still idiots.
Re: No Subject Given
It's almost -- but not quite -- the same as publishing an exploit.