Amen. On Mon, Nov 16, 2015 at 11:08 AM, Kennedy, Jim <[email protected] > wrote:
> Putting on my PDQ Deploy advocate hat again. > > > > The OP can solve the bandwidth issues and the control issues and the > update issue for 500 bucks. This thread and the prior work on all those > GPO’s and the ongoing work every month costs his org more than that. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Richard Stovall > *Sent:* Monday, November 16, 2015 11:06 AM > *To:* [email protected] > *Subject:* Re: [NTSysADM] Blocking Java, Google, Adobe automagic updaters > > > > <DA> > > > > Totally understood. This does not appear to be that sort of environment. > If I read the thread correctly, things appear to be working well for the OP > with auto-updating enabled, except for Internet bandwidth saturation at > inopportune times. Purposefully disabling updates to vulnerable > applications that are not bound to specific versions without a plan to > immediately assume a managed plan to patch them is not wise at best. At > worst it's potentially career limiting. > > > > </> > > > > On Mon, Nov 16, 2015 at 10:23 AM, Mark Liechty <[email protected]> wrote: > > On Nov 16, 2015, at 6:33 AM, Richard Stovall <[email protected]> wrote: > > > > Understood. I totally get that there are valid reasons to retain old > versions of Java for some very specific use cases. But Reader/Acrobat? > Chrome? And heaven forbid, Flash? > > ######### > > > I worked with a medical device company a few years ago that was very > specific about the Adobe Reader version. They have very complex QA around > any changes to the processes of any kind. Rules come from the FDA, Legal > Department and lots of other strangeness that It cannot, and should not, > control. > > It seems that at one point the PDF documents that were generated by some > other process did not display properly when looked at by the newest version > ##.### of Adobe but were perfect when using version YY.YYY since opening > these documents was required for each device as it came from assembly (had > testing results) we could not use the latest versions. > > Added to that ANY change at any point in the process required a complete > end-to-end revalidation\certification that was a very detailed process. > > So we stayed with the old versions and moved on. My last contact was 5 > years later and they still had not been able to change. What they had > worked and there was no motivation to upgrade for the sake of being “new > and shiny” > > > > >
