Windows 24 Hr Vulnerability Patch - Would It Help?
super_ogg asks: "In light of the recent Windows infection rate problem, it prompted me to ask the question: if Microsoft was able to guarantee a 24-hour-patch for a vulnerability (and hell didn't freeze over), how much would it affect the rate of infection seeing that a lot of people don't patch their systems? Would the rate of infection increase dramatically?"
Hell didn't free over? (Score:1, Redundant)
Don't slashdot editors read things?
Re:Hell didn't free over? (Score:2)
No - Free as in speech (Score:2)
Not free as in beer.
Unlikely to increase (Score:3, Insightful)
I can't see how providing patches faster would increase infection rate.
Unless, of course... (Score:3, Interesting)
If we were living in a world where Microsoft provided patches and people actually downloaded them, we'd probably be in a world of highly "seamless" updating. Microsoft would default enable automatic updates on Mom and Pop boxes or work desktops hooked up to high-speed connections, and exploiting a mechanism used by nearly everyone would be a disaster.
That's the only way it could really increase. I agree.
Re:Unless, of course... (Score:1)
Re:Unlikely to increase (Score:2, Interesting)
This of course means that the hole that the patch fixes (which may not have been known about before the patch) can be used to exploit systems for some time. Hence frequent, unsch
Re:Unlikely to increase (Score:2)
I assumed that was a typo, and he meant "decrease". "[A]nd hell didn't free over" is probably a typo, as well, although I'm sure Richard Stallman is still typing a furious GNU/missive to Cliff right now...
Users are users... (Score:4, Insightful)
Re:Users are users... (Score:2)
Re:Users are users... (Score:2)
Isn't Automatic Updates already an option for Windows Update?
Re:Users are users... (Score:1)
Re:Users are users... (Score:2)
Re:Users are users... (Score:1)
Releasing patches that quickly would probably make the releases smaller, which means people would be less likely to cancel the download in disgust when they see it would take 2+ hours to complete.
Only if they patched on a regular basis. Otherwise, instead of seeing one patch that takes 2+ hours to complete, they'd see 200 patches that take 2+ hours to complete altogether. In which case, they'd still cancel.
Re:Users are users... (Score:2)
Which is what they do (Score:2)
All the PCs set up _before_ this was standard practice (XP SP1, I think) default the other way, and there are still an awful lot of those about.
hang on a minute (Score:2, Insightful)
That simply *has* to be a typo, you most certainly would expect the rate of infection to decrease quite quickly if everyone had automatic updates enabled...
Re:hang on a minute (Score:1)
I don't think... (Score:1)
Re:I don't think... (Score:1)
"How many machines can we infect in 24 hours or before a patch is released".
Interesting thought experiment... (Score:3, Insightful)
Even if Microsoft could guarantee a 24-hour patch release (and the submitter's remark about the cold snap in Hell is pretty much on the mark here), I really don't see it making that much difference...unless systems were configured to apply patches immediately upon release, without being authorized by the sysadmin first. I don't think I'm the only sysadmin here who prefers to test patches on guinea pig machines before releasing them to the rest of my systems.
Re:Interesting thought experiment... (Score:1)
Huh? (Score:2)
If the issue is folks not updating systems and applying patches, then how will any patch affect the rate of infection? Isn't that the issue? Patches don't work if they're not used.
How would MS issuing patches cause the rate of infection to increase dramatically? Are you saying hackers are using security updates as guides for exploiting sec
Re:Huh? (Score:2)
Re:Huh? (Score:2)
Slashdot gets it right for once. While hell is freezing over Microsoft will also provide 24 hour turnaround on providing patches for vulnerabilities.
Patches only work if they're installed. (Score:2, Insightful)
Re:Patches only work if they're installed. (Score:1)
Oh, and I thought these patches were intended for Windows!
Re:Patches only work if they're installed. (Score:1)
No (Score:4, Interesting)
For big businesses, it wouldn't help. They are already on top of these things checking their firewalls and such, trying to prevent infections. (Note: if this isn't the case, they fit in with group 2)
Then there are individuals. I can't tell you how many people's PCs I've found with basically NO updates applied (for whatever usually pointless reason). These are the people where such a quick patch could make a difference (since it tends to be home computers and those under the care of someone who doesn't know what they're doing), but they won't get the patch because these people don't patch in the first place.
MS's best solution at this point would be to force automatic updates to be on for all copies of XP Home, with no way to turn it off (short of registry editing). That way, the computers would get the updates they need, but the few people who want to turn it off would probably know enough to run their computers safely if they knew where to find the instructions and how to change the registry. (I'm ignoring the point that anyone with half a brain that was a "power user" would want XP Pro over XP Home).
A 24 hour turn around would be great, but I don't think it would make that much of a difference. Forced updates (especially if expanded to include XP Pro that isn't being managed by a domain controller/active directory to cover those one machine businesses and such) would probably go a farther way.
Re:No (Score:3, Interesting)
Here's my pointless reason: My unpatched Win2k (SP1) box has been working dutifully since 2002 _without any re-install_.
I've had several _other_ Win2k boxes that had "Automatic Windows Update", and *EVERY SINGLE ONE OF THEM* has died for reasons "unknown".
My theory is that there are many more virus writers (kiddies) these days than there were a few years ago. They aren't targeti
Re:No (Score:2)
I hav
Re:No (Score:1)
I have an XP Pro machine, from which one critical driver update and one non-critical driver update have on purpose
Easy (Score:1)
The rate of infection would go down. Why? Because it's already commonplace for Microsoft to put out patches that break things. The added time pressure would only increase this.
The rate of infection would go down because broken computers are less easily infected.
Re:Easy (Score:2)
Not much. Yet. (Score:3, Informative)
As XP SP2 starts to overtake XP SP1 and SP0 sales, it should get better, since SP2 screams and yells if you turn off automatic updates. This is going to take a while since most people are paranoid of SP2 or MS won't let them install it cause their OS is a pirate.
Hopefully in Longhorn, they do the same thing they did with
What he really meant was... (Score:1)
In light of the recent Windows infection rate problem, it prompted me to ask the question... if Microsoft was able to guarantee a 24 hour patch for a vulnerability (and hell didn't FREEZE over), how much would it affect the rate of infection seeing that a lot of people don't patch their systems? Would the rate of infection DECREASE dramatically?
Now can we just drop it
Re:What he really meant was... (Score:1)
Re:What he really meant was... (Score:1)
Re:What he really meant was... (Score:1)
ogg
INCREASE Dramatically? (Score:2, Informative)
I was doing retail computer repair up until November of last year.
The answer is obvious (Score:3, Interesting)
and it is: no.
Microsoft has spent so many years breeding a developer and user culture of ignorance, complacency, irresponsibility, negligence, incompetence, stupidity, insecurity, instability, undebuggability, unusability, and inconsistency that they are either beyond hope or they will take another decade to correct their course.
Mod Article Down (Score:3, Funny)
Immediate Answer Without Thinking: No.
Answer After Thinking A Little About It: The question is nonsense because it is based on a silly premise.
Answer After Thinking More About It: Waste of Time Because No Matter What You Do Windows is Going To Remain the Giant Petri Dish of The Internet.
Re:Mod Article Down (Score:2)
I knew it, the Cyberworld is flat *and* round.
SB
But what about severe problems? (Score:2)
While we are wishing (Score:2)
While we are wishing for the impossible, why do we not simply wish for Microsoft to guarantee no bugs?
NO vendor - not Microsoft, not IBM, not Sun, no one - can guarantee a "N" hour response time for 100% of vulnerabilities (for 0 <= N <= 1000, say).
There will ALWAYS be bugs for which it takes TIME to fix them - and the only way to deal with them until they are fixed is to shut the affected software down - and once again, th
Re:While we are wishing (Score:2)
It's a disclosure thing (Score:2)
Now, figure the average time someone goes between applying patches. Some update daily, but a lot of people update weekly, if at all. And suppose a vulnerability is discovered every 3 days. If patches were released the day they were completed, you'd be exposed about 70% of the time, if someone took the time to use the patches to locate the vulnerabilities. Now, if patches
No... But... (Score:2)
THE POINT of the QUESTION!!! (Score:2)
Cut down the number of installers! (Score:5, Insightful)
What would help the situation is if roll-ups or service packs were released in conjunction with hot fixes, limiting the number of total patch installers.
Let's take Apple for example. In a nutshell, there's the retail box release (10.4.0), then a few security patches as needed (Denoted as: date of post). Let's say there are three of such fixes.
Active Patch Installers: 3 (1 reboot)
Eventually a point release is made (Denoted as: 10.4.1). This point release includes all of the previous security patches as well as other fixes usually along the lines of 'recommended' as Microsoft would put it.
Active Patch Installers: 1 (1 reboot)
After 10.4.1 is released, a few more security holes are found and patched, each with a date of release. We'll say there's two.
Active Patch Installers: 3 (1 reboot)
When 10.4.2 comes around, Apple releases two versions of the update:
A smaller file size for systems with 10.4.1 installed
A larger file if 10.4.0 (Retail) installed.
Active Patch Installers: 2 - Only one needed (1 reboot)
Here's the key point: From the retail version of the software, you only need to install one service pack release, and maybe 3 to 5 security patches at any point in time. Not 50 with branching restart cycles; one to five patches, one restart.
Obviously there's some variation here and there. Apple will have a lot more than five updates at a time for all the other non-OS software, but the underlying concept is there:
The fewer the installers and restarts, the easier patches are for the normal user.
Re:Cut down the number of installers! (Score:2)
You are absolutely right, the way patches are handled on Windows is a friggin' mess, and Apple definitely does it a better way with their "delta" and "combo" updaters, plus the fact that there's no such thing as a reboot-requiring patch that insists on being installed separately from everything else-- no matter how many updates you've got listed in Software Update, you can do them all at once and reboo
Re:Cut down the number of installers! (Score:2)
Re:Cut down the number of installers! (Score:2)
~Philly
Re:Cut down the number of installers! (Score:2)
Re:Cut down the number of installers! (Score:2)
~Philly
Re:Cut down the number of installers! (Score:2)
Cut down and simplify! (Score:1)
We have an Ubuntu Linux test box here at work for our proxy (which has a similar configuration). We click the nice little red icon in the top right hand corner and then click update. This is followed by all of the hard work of forgetting about it completely and going onto more important things while it automatically does everything (updating etc) for us, which let me tell you is a
Re:Cut down the number of installers! (Score:1)
Re:Cut down the number of installers! (Score:2)
You can even leave the old program running on the old files, if the old file's inodes can be left intact for a while.
UNIX has stood the test of 30+ years of use, and much of it is basically the same, in principle. Windows is only now catching up on the basics, too (Windows is doomed to re-invent UNIX eventually...but poorly). Th
Re:Cut down the number of installers! (Score:1)
Microsoft releases Cumulative updates, which supersede and consolidate several previous stand-alone patches, on a fairly regular basis. These are pretty much equivalent to Apple's point releases.
I recently installed a new XP system with SP2 integrated into the install, and after boot it only needed to download 5 patches. One of them was Cumulative update for IE May 2005 or something like that, and the others were non-IE patches. Only one reboot was required.
Assuming you installed the original release of
Re:Cut down the number of installers! (Score:1)
Microsoft Update (Score:2)
Automatic updates doesn't seem to work well for me on 2000 either (the only time I've seen it notify me there are updates available is just now after doing a manual Microsoft Update).
Forget prompt 24 hour updates, Microsoft can't even pr
Geeky Hell (Score:1, Funny)
Quality of Patch? (Score:1)
I think as long as there's 1 main OS that the majority of people on the internet use, we simply have to accept the fact that it's going to be a target for malicious code.
OS-free patch downloads would help a lot (Score:1)
A way to easily download patches WITHOUT loading anything but a minimalist, self-protecting, OS with only one network application available - one that connected to Microsoft to download the patch.
You can do this easily enough with DOS or Linux, just throw in modem and network drivers and an NTFS driver to write the patch files to the hard disk.
Of course, MS would rather use XP. I'd recommend a stripped down version that boots into a "safe mode with networking and m