The Promise--And Problems--Of The New Windows Update

TechWeb - InformationWeek ^ | July 12, 2004 | Fred Langa

[Glenn]

Service Packs are major updates

Good evening, my uber-deluded nemisis.

Still spouting the corporate line, I see.

[HipShot]

Why would you not patch your systems? That's irresponsible.

All my servers and workstations stay patched. You should do the same.

[HAL9000]

Service Packs are major updates

They're not "major" enough to charge money for. And XP SP2 is pathetically late.

[js1138]

All my servers and workstations stay patched. You should do the same.

The world of servers is a bit different from the world of PCs. If you are behind a reliable firewall you patch only if your application will benefit from it. Lots of servers run only one application.

[HipShot]

That may be true for windows boxes, but there is no reason to ignore patching a linux box. There is not the risk of breakage that exists with windows patches.

[js1138]

No large corporation installs patches simply because they're available. Lots of patches are of no consequense whatsoever, and don't justify the risk of downtime.

I live in an SBS world and my servers are naked to the world. I install all updates, but not the first day they're out.

[HipShot]

That depends on the vulnerability. If it's remote and relevant to what the box does, it's patched ASAP.

[js1138]

If it's remote and relevant to what the box does, it's patched ASAP.

I never said anything counter to that. But if you have a server running a database, and it runs nothing else, and it is behind a firewall, there's no sense bringing it down for a security patch that doesn't apply to its function. It the patch is required for database security, then yes.

[Musket]

My last 2 attemps at Windows Update failed. The first one(about a week and a half ago)took about 2 hours to install and then hung on a full progress bar. The latest attempt(this evening) after waiting a couple minutes for a 6 meg download, then waiting 3 or 4 hours for installation, hung on a full progress bar. I had to force quit them both.

I don't know what to do with this crap anymore.

[TheEngineer]

Still spouting the corporate line, I see.

Microsoft's free update service is the envy of the open source and mac communities. Call it a corporate line if you want, but that doesn't change the fact that I've received every update for Win2000 since Feb 2000, major and minor, free of charge. (I'm running Win2000 service pack 4.) They promise updates for 7 years on their operating systems, and thus far have delivered.

In contrast, Mac charges for major updates. Red Hat only offered support on any given distribution for one year. After that, they force you to upgrade to the next version. And that's even for their paying customers, like me. Of course, we know how they dumped their desktop line OS altogether, leaving many left in the lurch. How's that

[Bush2000]

Why would you not patch your systems? That's irresponsible. All my servers and workstations stay patched. You should do the same.

You misunderstood. Just because a patch is issued doesn't mean that people are going to patch their machines immediately. Many people will remain vulnerable because either they're ignorant, don't care, or deliberately avoid patching.

[HipShot]

My apologies; I misunderstood your intent.

[Bush2000]

They're not "major" enough to charge money for. And XP SP2 is pathetically late.

HAL, apparently you haven't looked at what's being included in SP2 -- because it certainly is a major update. You're just a little sensitive because every time Jobs pulls your leash and demands a few bucks, you have to ante up. I can understand why you'd be sensitive. I wouldn't want to pay for updates, either.

[HAL9000]

HAL, apparently you haven't looked at what's being included in SP2 -- because it certainly is a major update.

It adds a popup blocker for the web browser - years after the competition. That's what passes for a "major update" in the Windows world?

Even after SP2, Windows will continue to be a second-rate operating system.

[Bush2000]

There is not the risk of breakage that exists with windows patches.

Developers introduce unintentional and/or incidental regressions (aka bugs that break previously working functionality) all the time. Consequently, a decision to patch isn't based merely upon whether the patch is available and whether it can be installed with other components. Regression of functionality has to be a major consideration.

[mhking]

I've had the public beta for more than three weeks now with no problems.

I do like that IE blocks popups now, but for most of my work, I use Firefox.

[Bush2000]

It adds a popup blocker for the web browser - years after the competition. That's what passes for a "major update" in the Windows world?

There's no polite way to say this, so let's get this out of the way up front: You're ignorant. You simply don't know what you're talking about.

Windows XP SP2

[HipShot]

That's specific to your situation, and should be treated as such each and every time.

I got caught twice on a mail server with updates that broke functionality. In one case, a clamav update required a larger allocation of resources for threading, but it wasn't mentioned. As clamav didn't return an error code to qmail-scanner, all mail was delivered, infected or not.

On the other occasion, the perl suid "fix" required a minor change to my inbound and outbound qmail-scanner scripts, which actually delayed mail for awhile.

Patches can be a nightmare, but even so I'd much rather deal with undocumented issues than expose my doze users.

[avg_freeper]

One of those exploits namely the "apache - buffer overflow" might very well effect your mac. It is best to stay informed regardless of what brand of computer you use.

[HAL9000]

Windows XP SP2

I've seen the list. It's a yawner - except for the NX support. That is the most interesting technical development.