Important points. Cecil
-----Original Message----- From: Tim Churches [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 9:31 AM To: [EMAIL PROTECTED] Subject: Re: A question re: security On Sun, 2003-01-26 at 05:06, John S Gage wrote: > On Sunday, January 26, 2003, at 08:38 AM, Cecil O. Lynch, MD wrote: > > > Looks like folks just never learn to keep up on patches. The fix for > > this has been out for months. > > > > Cecil > > > > The statement above raises the important question WHY haven't people > running MS SQL servers installed an available, obviously important > patch? The disincentive for installing any patch is that it may render your system or database inoperative. If you read the disclaimer which comes with any patch from any commercial vendor and it will scare the pants of you. And quite often, the disclaimer is justified - the patch will break something (often subtly). If you are a sysadmin, whose performance is judged on the uptime of the system, this is a very strong disincentive to install patches. The solution, of course, is to run a test environment as well as a production environment, and test all new patches and software upgrades in the test environment before applying them in the production environment. The problem is that this means duplication of all software on the production system, and this can be very expensive when commercial software is used - thus, a large number of sites don't have test or development environments. Open source solutions have an obvious advantage here: test environments are much cheaper to set up. The other disincentive is the sheer number of patches. Its easy in retrospect to see which ones were significant and which should have been applied immediately... Tim C --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003
