On Thu, 2003-09-04 at 01:51, Robert Ahnemann wrote: > >Again, the message is M$ should fix their software. Trying to automate > >the patch cycle without the permission of the user is and still does > not > >solve the initial problem. > > Good point, but my emphasis was on people obtaining the patches in the > first place. While yes, they might be unreliable, they at least cover > the publicized exploit. When was the last time that a worm was > extensively spread via an undocumented hole, or even a hole that was > documented and never patched? MS is good about fixing what it finds. > Whether or not those fixes cause further issues which require patching > is a separate issue. As long as the patch is ahead of the virus, where > does the accountability really fall? >It's great that you think that way... So the last I heard, a patch >eventually caused machines all over the place to shut down >automatically. From the way you are gushing about the merits of >patching, I believe you'll rather that happens than that your machine >gets hacked, while I believe there is realistically no difference, and >would rather have the machine up for another day/month.
Its not so much that I like to patch. I personally have never had a problem with a patch messing up a system here at work. I'm sure there are some cases where there might be conflicts, no doubt. I think you might be inflating the severity of the 'problems' with any given patch. I don't think it's straight to compare a patch problem with something like Nachia or Blaster. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
