Microsoft Increases Security By Patching Less
from the counter-intuitive dept
Let's see if we can follow the logic on this one. Because Windows systems need to be patched on a very regular basis, people are concerned about their security. Microsoft has responded to this by announcing they'll now release fewer patches. Sounds counterintuitive. However, the reasoning isn't that bad. Basically, most folks don't patch their system that often, because the day after you patch, it seems like another patch gets released - and if you're just going to spend your days updating your system, why bother at all? Thus, the thinking is that if they only release patches once a month, it will be a bigger deal (patch party!) and people will be more willing to install the patch. Of course, that does mean that security holes and bugs will remain open longer for those who normally do patch quickly. Microsoft claims that many hackers are using the patches as a blueprint for exploits - so getting more people to patch regularly, rather than patching often, should protect more machines. Not sure if things will actually work that way, but it's an interesting theory.
Reader Comments
No Subject Given
The key thing is that if an exploit is out in the wild, you have no choice but to release the patch.
Institutionalized Patching? It could work.
Critical Updates ...
On the other hand though, I sort of like the idea that Microsoft appears to be leaning towards a defined distribution of patches. If we have to slog our way through constantly patching the product, at least we can make it a part of our monthly tasks and schedule appropriately for this task. As it stands now, every time there is another security issue we get stuck having to place everything else on hold in order to attempt to protect ourselves.
Re: No Subject Given
Or how Microsoft fixed RPC DCOM in MS01-048, MS03-026 and MS03-039, only to have it come out again this week that RPC DCOM is vulnerable to the same bug, just that the mechanism to get to it has changed. I swear, Microsoft appears to be fixing the code solely to make the exploit not work, not actually fixing the vulnerability!
Just another reason why closed-source security being more secure than open-source security is a farce. If the open-source folks fixed the exploit instead of the vulnerability, then everyone could see that they are idiots. With closed-source, only the bad guys can see that they are idiots, but they are still idiots.
Re: No Subject Given
It's almost -- but not quite -- the same as publishing an exploit.