Patching software still "far too difficult": news.com

Navigation

User login

GWT in Practice at Manning
GWT in Practice at Amazon
GWT Resources

Quote

Francis Bacon

The human understanding is no dry light, but receives infusion from the will and affections; which proceed sciences which may be called "sciences as one would." For what a man had rather were true he more readily believes. Therefore he rejects difficult things from impatience of research; sober things, because they narrow hope; the deeper things of nature, from superstition; the light of experience, from arrogance and pride; things not commonly believed, out of deference to the opinion of the vulgar. Numberless in short are the ways, and sometimes imperceptible, in which the affections color and infect the understanding.

Patching software still "far too difficult": news.com

Wed, 02/25/2004 - 06:59 — charlie.collins

In the news.com article Much ado about patching "security experts" are quoted as saying that patching software is still "far too difficult" and that this is what leaves systems vulnerable. I dont know how else to say this but, give me a frickin break.

The Windows and Linux and Solaris and you name it software that I have used for the last few years has been ultra simple and quick to patch. Yeah, even Windows. In fact Windows is better than Linux (some Linux vendors, such as Red Hat have an auto update that is nice if you want that sort of thing, but none are quite as nice as the Windows auto update feature with notification).

The fact is that people are too lazy and or ignorant to bother even trying to patch systems. Many if not most administrators, Windows or Linux or otherwise, do not allow the auto update of their software for various legitimate reasons and they are correct in this approach. Yet this many if not most group also does not bother to keep up with security alerts and patches and then manually install them. That tedious manual install process usually involves the click of a button or maybe two and or typing one thing on the command line and hitting enter. In addition if the updates need to be applied across an array of multiple machines there are tools for batching that process as well. "Too difficult" indeed.

The linked article does correctly point out that people should demand more from their software and we should not be in the perpetual update cycle in the first place (which is more frequently the case on Windows than Linux, in my first hand experience, although both do need updates from time to time, Windows needs much more frequent attention). True things *should* be better than they are but the fact is that they will never be perfect.

Updates and fixes are a reality and administrators that are not applying them in a timely manner need to be fired or worse (maybe tar and feathered since those machines often become exploited and then go on to proliferate other exploits and viruses and take up everyone elses time, cpu cycles and bandwidth). And such updates and fixes may *never* get any easier to install, they are already trivial.

Oh, and as always, if you really want to end the vicious cycle of perpetual Microsoft OS patches, get the major security and reliability update.