Posted 22 October 2003 - 11:55 PM
You have to look at it from Microsoft's point of view. So many of the exploits that have made the news lately have been holes that were fixed for months. But because most admins are lazy there were more unpatched systems than patched systems. It makes MS look bad. Sure the holes shouldn't exist, but they do and MS correcting their mistakes is a good thing. Not nearly as good as making fewer of 'em, but the world isn't perfect.

I understand there are procedures at most companies that prevent them from patching live systems before those patches are thoroughly tested. But come on, that doesn't take 6 months. Any patches you've failed to apply to your system after 6 months will never be applied. And the minute that hole gets exploited they'll blame Microsoft.

The school I go to is a good microcosm of this. Everyone has a laptop. Well, everyone who takes at least 12 credits, which is 90% of the students. And all of the faculty, even if they teach only 1 class. So many people were ignoring even auto-update that every time a patch gets released the system admins send out emails to everyone on campus telling them to install the patch. That Friday we get a reminder. Then another the following Monday. At that point they're down to 50-75 people who haven't patched (out of 1400 laptops). Over the next two weeks they send 3 more reminders to just those students. At that point, after 6 emails, if the patch still hasn't been applied their access to the campus network is blocked, forcing them to go to the help desk so the patch can be applied for them. Normally 80% of those last holdouts are forced to go to the help desk. And when they get there they act dumbfounded as to why they were blocked.

Lastly I doubt that even if MS forces you to install the updates I'm sure there'll be ways around it. My school forces us to keep OfficeScan 5 on our system. It even checks for updates every time we reboot (as long as we're on the network). According to the campus system admins there is no way around this. But about a dozen of us removed OfficeScan in a way that prevents it from re-installing (which it tries if it fails to find a copy when it checks for updates). All of us use other virus scanners (most of us are Norton folks), so our systems are still safe, we just don't have to deal with their slow anti-vir. And I guarantee none of us need to be reminded 6 times to install a critical patch. Good admins find a way to make the software do what they want, even if it's not supposed to work that way.