> > The good thing about SUS is that you can set it up to not > > push out the packages until you approve them. The SUS box > > downloads all the critical updates and then they sit in queue > > until you tell them it's ok to push them out. I think that's > > the best way to handle the situation. Sure it creates a > > little admin work, but I think the advantage is clear. > > The bad thing about SUS is that it uses Windows Update > technology which > means it can be incorrect when determining if a box needs a > patch. This > means you can *look* like you're patched when you're not. > > To me, that is unacceptable behavior.
c'mon folks. if you rely on only one tool to make sure you're patched you deserve what you get. security is like an onion - layers upon layers! -d _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
