And I don't recall the last time that we had to back out a patch in an over 3500 Windows machines environment. In fact, in the last seven years, I can only recall two incidents where a patch had to be backed out, and both of those were servers with special applications on them.
There's a vast difference in having to back out patches in complex production envs and having a poor patch affect all or most every end desktop/home user's system too though.
I'm not saying that it doesn't happen. It's just not as ubiquitous as some seem to think it is. There isn't a vast difference between patching Windows and patching *nix. At least not in my experience, which includes every version of Windows, RedHat 7-9, Solaris 7-9, OpenBSD 2.6-3.2, FreeBSD 4.7-5.1, Mac OS 6-X and Gentoo. (I've installed others but don't have much patching experience on them because I usually dumped them quickly because I didn't like them.)
Every OS has its problems, and every OS has to be patched. And patching is a PITA no matter what OS it is. Some are just more of a PITA than others.
The myth of the vast superiority of *nix over everything else (WRT security and patching) is just that - a myth.
But this conversation has been going on for over 20 years and nothing has ever been settled. Nor will it be.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
