> -----Original Message----- > From: Bassett, Mark [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 06, 2003 9:21 AM > To: [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] Automating patch deployment > > > The good thing about SUS is that you can set it up to not > push out the packages until you approve them. The SUS box > downloads all the critical updates and then they sit in queue > until you tell them it's ok to push them out. I think that's > the best way to handle the situation. Sure it creates a > little admin work, but I think the advantage is clear.
The bad thing about SUS is that it uses Windows Update technology which means it can be incorrect when determining if a box needs a patch. This means you can *look* like you're patched when you're not. To me, that is unacceptable behavior. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
