Microsoft Skips Patch Tuesday 164
maotx writes "According to their recently released security bulletin, Microsoft will skip this month's Patch Tuesday. Patch Tuesday, also known as Black Tuesday amongst Administrators, is the second Tuesday of every month, in which Microsoft releases a series of patches and critical updates for its various operating systems and applications."
They have decided (Score:4, Funny)
Re:They have decided (Score:2, Insightful)
Re:They have decided (Score:2, Interesting)
Re:They have decided (Score:1)
Re:They have decided (Score:3, Insightful)
Re:They have decided (Score:1)
I think it's just something that Linus will think 'hey i could have done this if it was a micro kernel' and his views may change. Who knows, it's forever being changed.
Re:They have decided (Score:2)
Re:They have decided (Score:2)
Microkernels are an inevitable future. They have so many advantages for developers and users, and their only real downside is speed. Linux is great and all, but there's so many really cool things that can be done with operating systems that just aren't possible with a monolithic kernel. Maybe some kind of Linux compatibility layer (like FreeBSD has) could be used to ease the transition.
Re:They have decided (Score:2)
> Microkernels are an inevitable future. They have
> so many advantages for developers and users, and
> their only real downside is speed.
I've seen this line of reasoning outlined for the last 15 years or so.
The fact is speed still matters and will likely continue to matter, and microkernels still aren't the majority. Purists even dispute that OS/X runs a microkernel...
Re:They have decided (Score:1)
Re:They have decided (Score:2)
In this case, the Windows GUI is very responsive on even the slowest of computers. On the other hand, OS X requires a reasonable video card, and Linux GUI is just always slow.
Re:They have decided (Score:2, Insightful)
Re:They have decided (Score:1)
But wouldnt you agree that keeping your mac up to date is much simpler than keeping your windows PC up to date?
Re:They have decided (Score:2)
Click the Custom Button
Select the updates I want, normally all of them, click the download/install button.
Do other things as the updates download and install.
Normally a reboot after the process is complete
What is so hard about that? Or if you're a confused home user just leave the automatic updates turned on. It will automatically download the updates and install them for you. It wi
Re:They have decided (Score:1)
Windows starts up Internet Explorer and opens the Windows Update site, which is loaded with hyperlinks and buttons, has an "Express" and a "Custom" update process, and generally requires more clicking and waiting to get it done.
Re:They have decided (Score:2)
Re:They have decided (Score:2)
The same thing goes for Mac OS X. You can either select Software Update from the Apple menu to manually grab new updates, or Software Update will spawn as often as you choose
Re:They have decided (Score:2)
Vulnerability "maximizes shareholder value". (Score:3, Interesting)
Microsoft software is insecure because that is a way of "maximizing shareholder value", in my opinion.
When people have problems with their computer, they often buy a new computer [nytimes.com]. Then Microsoft sells another copy of Windows, which, of course, still has huge security risks.
That also seems to be why Microsoft software is so... unfinished. If they ever finished the job, no one would need to buy another copy. So maximizing shareholder value means minimizing quality as much as possible, considering what c
Re:Vulnerability "maximizes shareholder value". (Score:1)
Re:They have decided (Score:5, Insightful)
The problem is that the average user is scared as hell to update their Windows OS because when they have in the past it broke things and caused all sorts of problems.
There's an old saying: "Once bitten, twice shy".
You do the "right" thing only to get bitten in the ass because of it, you learn quickly not to do that again.
The average user isn't a geek and while so many geeks can't understand this fact and rant how most people are clueless.
This works both ways. How would you like it if every trip to the auto-mechanic you were chided for having certain tires, not using a particular brand/weight of motor oil, not being timely enough in getting a tune up, why didn't you change your own oil, your tire pressures too low? Or if you went to a lawyer, you were spoken down to and treated like a schmuck because of your ignorance of legalese?
So when these people run Windows auto-update in their attempt to "be good" and then need to call in some geek to fix it, only to get an ear-full of crap about IE this and Outlook that and VB-de blah de blah, you think they really want to suffer that indignity again?
It's a two fold problem really -- Running MS Auto-update is like playing Russian Roulette and if you lose, you've got to fork over cash for a lecture from some holier than thou sociopathic computer geek that's lost all perspective of life outside
So for many, the best option is to ignore the patches to avoid the headaches they've learned by experience to associate with negative experiences.
And it's people like you that help reinforce that associative perception. Good job.
Re:They have decided (Score:2)
Beware that you have a good point there, still, it doesn't apply to some of the stuff "us geeks" ha
Re:They have decided (Score:2)
Ok here's a scenario, I go to the mechanic and tell him "My engine has no power and heats up really quickly now." and he checks a few things, comes back and says "You have no oil." He'll put in some oil, tell me to check it every so often stuff like
Re:They have decided (Score:2)
To be fair, if you drove around with the automobile-safety equivalent of internet explorer, the police would pull you over and tell you to stop driving until it was fixed...
MS is cheap already (Score:2)
Bumper sticker (Score:3, Funny)
Yes! (Score:5, Funny)
In your face, LINUX!
Re:Yes! (Score:1)
Brooks' Law [wikipedia.org]
Re:Yes! (Score:1)
I think Microsoft has come to realize that its more profitable to allocate resources for arresting hackers and worm-writers than setting aside teams devoted to bug-fixing. Remember the Stephen Glass story Hack Heaven [forbes.com]? Sometimes life imitates con-art.
Hasta la Vista, XP!!!
Re:Yes! (Score:2)
One considered snickering at this one.
Re:Yes! (Score:1)
Is Microsoft SERIOUS about security? You judge. (Score:3, Interesting)
Microsoft: We're so great that there is nothing to do this month! Oh, don't worry about those High Severity Remote Code Execution vulnerabilities [eeye.com].
Macromedia and Real Networks have been competing with Microsoft, but Microsoft is considerably ahead in being insecure.
Vulnerability Wednesday (Score:5, Interesting)
Re:Vulnerability Wednesday (Score:2)
Re:Vulnerability Wednesday (Score:2)
Re:Vulnerability Wednesday (Score:2)
That is happening because crackers analyze the patches and learn what is the vulnerability being eliminated. There was an article about that topic on one of the major sites (securityfocus, I think). It's not a mystery, it's been happening a lot in the last 6 months.
Memo to all employees: (Score:5, Funny)
"Patch Tuesday" has cancelled.
"Hawaiian Shirt Friday" will continue as normal.
"Executive Chair Throwing Saturday" is uncertain, but quite likely.
Re:Memo to all employees: (Score:1)
What happens for patch-quick operations ?. (Score:5, Interesting)
I've often heard tuesday mid-morning was the best time to release a new package - mostly hearsay. Any bit of truth in it ?
Tuesday's are considered unlucky in Indian lore - to undertake new things. Wednesdays are the day of beginnings - but it's already Wed here by the time it's released worldwide.
Re:What happens for patch-quick operations ?. (Score:5, Insightful)
Vulnerabilities aren't discovered and exploits aren't written to respect the timing of Microsoft in this regard.
What happens if a vulnerability is discovered and an exploit written for it a couple of days after patch tuesday? Microsoft's whole bug fixing scheme is then set to only handle it 28 days later.
And we all know what happens in 28 days later.
What happens when a vulnerability is fixed that needs more testing for many people, but also comes attached to vulnerabilities that can be simply exploited? do we wait for the former before applying the latter, or apply the latter and to hell with the consequences in the former?
I think this is moron thinking. Each patch should be one small patch to fix that vulnerability and only that vulnerability. no other bug fixes with regards to non security issues, no combining patches, no waiting for days to fix a patch.
Then the monthly updates can be set client side however the client wishes to handle it. daily or weekly or monthly. whatever they wish to handle. at the time.
Good thinking. (Score:2)
MOD PARENT UP!! Good thinking.
Lameness filter encountered. Post aborted! Reason: Don't use so many caps. It's like YELLING.
We have a lame lameness filter.
--
If your gov't chooses killing as policy (CIA trained Arabs in 1980), expect others to choose the same.
Re:What happens for patch-quick operations ?. (Score:2)
I installed SP4's Rollup 1 on W2K the other week, and it broke Office XP's ability to save to the Floppy drive!
Re:What happens for patch-quick operations ?. (Score:4, Informative)
The fact that they have a schedule doesn't preclude them from issuing an "out of cycle" update, which they have done 2, maybe 3 times.
Re:What happens for patch-quick operations ?. (Score:2)
I assume you mean the spam-bot operators. They're the ones who benefit the most from this schedule because if they time their exploits right, every new crack can be used for a full month.
Any other "large corporate customer" would demand the publishing of workarounds AS SOON AS ANY WORKAROUND IS IDENTIFIED for a security issue - even if that workaround is "disable the XYZ service".
Re:What happens for patch-quick operations ?. (Score:2)
Contrary to popular Slashdot thinking, very few windows vulnerabilities have been exploited before the patches were issued (ignoring the person who discovered and verified the exploit.) Most of the big-name viruses that have spread based on Windows security flaws spread after the patches were available.
A previous poste
Re:What happens for patch-quick operations ?. (Score:1)
Re:What happens for patch-quick operations ?. (Score:2)
Re:What happens for patch-quick operations ?. (Score:2)
Re:What happens for patch-quick operations ?. (Score:3, Informative)
Correct and incorrect at the same time. Patches are reverse engineered and exploits are written based off of the changes in the patch. Which means once you release a patch, the clock is ticking for your customers to pick it up and deploy it before some script kiddie writes a worm that brings down your network.
What happens if a vulnerability is discovered and an exploit written for it a couple of
Re:What happens for patch-quick operations ?. (Score:2)
This is SO true. Zotob was reverse engineered and released only two or three days after the patch was released.
Re:What happens for patch-quick operations ?. (Score:2)
Re:What happens for patch-quick operations ?. (Score:2)
You must live in some fantasy land where merge conflicts never occur.
If the patches are applied in a defined order, it isn't a problem. It isn't possible to patch a binary in a random order as the GP requested. Hell, we still can't do that on a source level without human intervention every now and then.
Re:What happens for patch-quick operations ?. (Score:1)
----
This space intentionally filled up.
Re:What happens for patch-quick operations ?. (Score:2)
Back when weekly trade papers mattered, Tuesday was early enough to make next week's papers. Monday was too early; the journalists might not yet be recovered from the weekend.
Re:What happens for patch-quick operations ?. (Score:2)
Does releasing patches on a regular schedule increase security by increasing the uptake of patches, or decrease it by increasing the time from discovery to patch? Does anybody have any numbers on the uptake of Windows patches since they started the monthly schedule?
Re:What happens for patch-quick operations ?. (Score:2)
Yes, that is exactly what they do. It was a business decision - they were getting hammered in the press because of the frequency at which people had to update their computers. So they decided to move things to a monthly schedule, because psychologically it would lend an air of normalcy
The screen is so wide (Score:2, Informative)
As far as it goes, Black Tuesday is only a means for hackers to learn vulnerabilities in Windows by analyzing the dropped bits. It's very infrequent that an exploit is released before the updates are.
Windows is sure to have many problems, but if hackers are only willing to investigate changed bits and then attack not-yet updated systems, then not putting any updates out will keep those hackers at bay.
I don't think they shou
Re:The screen is so wide (Score:1)
Re:The screen is so wide (Score:1)
Re:The screen is so wide (Score:2)
Patches? (Score:1, Funny)
Jeez, miss the key point why don't you... (Score:5, Interesting)
Re:Jeez, miss the key point why don't you... (Score:5, Funny)
And how is that different from any other month?
*ducks*
Re:Jeez, miss the key point why don't you... (Score:1)
Re:Jeez, miss the key point why don't you... (Score:1)
They have to make sure they don't break the five or six of ten [slashdot.org] PCs that can actually fill out FEMA registration forms do they? That would nail one the only real advantage that platform has right now. They can break them in a week or two, so the patch that improves your net half life from 12 to 15 minutes will come. While M
Re:Jeez, miss the key point why don't you... (Score:2)
It's laudable if the stability concerns truly do outweigh the security concerns.
But, then, Microsoft is weighing the evidence and making the decision for everyone, all at once; not individual sysadmins, who might weight the balance differently, depending on the stability of their particular application mix. You're not making the decision. They ar
Re:Jeez, miss the key point why don't you... (Score:2)
Sometimes Microsoft does beat Open Source (Score:5, Funny)
Re:Sometimes Microsoft does beat Open Source (Score:2)
Also, most F/OSS end-users profit from the simple fact, that the whole world is beta-testing the patch for them. How could MS hire that kind of testing force, ever?
Re:Sometimes Microsoft does beat Open Source (Score:2)
Either you don't use Microsoft products or you haven't looked in the mirror, lately -- where you'll find yet another member of their "testing force".
Re:Sometimes Microsoft does beat Open Source (Score:2)
Re:Sometimes Microsoft does beat Open Source (Score:4, Insightful)
It's a rare open source product that's being used on ~95% of the desktops.
Re:Sometimes Microsoft does beat Open Source (Score:2, Insightful)
Uh, your TCP/IP stack?
Re:Sometimes Microsoft does beat Open Source (Score:2)
Re:Sometimes Microsoft does beat Open Source (Score:2, Funny)
Re:Sometimes Microsoft does beat Open Source (Score:3, Insightful)
What about the critical vulnerability out Sep 9? (Score:2, Interesting)
WTF?
Re:What about the critical vulnerability out Sep 9 (Score:2, Funny)
You know, I have never heard of that site before and I though you were making a joke. I had to go there thinking I would see something like, "Bill Gates has alien's child!" or "Bill Gates gives all of his money to Linus Torvalds!"
Re:What about the critical vulnerability out Sep 9 (Score:2)
The Enquirer reports stories about bat boy.
Small, but important, difference.
No, from TFA, they're NOT skipping Patch Tuesday (Score:5, Informative)
They are delaying a security update that was previoiusly scheduled for Tuesday. They're delaying it because they found some problems during late testing. Good on 'em for that.
Aside from that, the rest of the updates will be issued as scheduled.
Re:No, from TFA, they're NOT skipping Patch Tuesda (Score:1, Insightful)
What a wonderful day it would be if average users started asking hard questions and DEMANDING answers (as in: Why does there need to be a patch Tuesday in the first place?)
I'm not a Linux fanboy by any means( I use both windows and linux boxes, and both OS's
Re:No, from TFA, they're NOT skipping Patch Tuesda (Score:1)
Weasel wording... (Score:2)
I looked for examples of what this covered on my WSUS server, and found that this generally means, "Some patch or service pack or program isn't going to install/run unless you install this 'non-security patch'."
KB885523: "This update resolves a compatibility issue with a non-Microsoft software application installed on
No Patch? Skipped a month? (Score:5, Funny)
Funny--my girlfriend also said something about not needing to use the patch this week...and something else about a missed month...
Oh, wow! Cigars, anyone?
Re:No Patch? Skipped a month? (Score:4, Funny)
Re:No Patch? Skipped a month? (Score:4, Funny)
They're just copying Apple again (Score:2)
Windows now secure! (Score:2, Funny)
Next month, on the day formerly known as patch Tuesday, Microsoft will buy everyone a pony. Henceforth it shall be known as Microsoft Pony Tuesday. We shall be celebrating with the pixies and faeries!
Double-meaning in title (Score:2)
Sigh.
That Time of the Month (Score:4, Funny)
I always refer to it as "That time of the month for P.M.S.: Patching Microsoft Servers."
("Patching Microsoft Systems" also works).
If there were any bugs, why would we replace it. (Score:2, Insightful)
It's only after it becomes unreliable (or really ugly from rust etc) that you think about replacing it.
Software (despite what M$ would have us believe) doesn't wear out.
The only way to sell new stuff is have it break down. They only fix a few vulnerabilities at a time to make us believe they're trying to keep it safe, but they really built the "rust" at the factory.
Add a few new "features" (read code bloat) and the replacem
So, you don't change your oil (Score:2)
Recall notice. (Score:2)
Sure, a safety fix deals with life and death, but look how much money some of the corporations stand to loose to this bullshit. Look at Caterpillar.
Re:Recall notice. (Score:2)
In fact, usually car manufacturers recommend that tires and brakes be checked at every oil change, or 3 months. Hmm.
Re:Recall notice. (Score:2)
Re:T... F... A! (Score:5, Funny)
We have no idea how you beat out all the subscribers, and got around the 404's. But somehow, undoubtedly through minutes of perserverence, you were able to get the job done. And in your rush to provide this service, you were STILL able to make sure it was formatted nicely. Well done.
If it weren't for you, therer is absolutely no way I could have read this fine article. I Thank you and your country thanks you.
Re:T... F... A! (Score:2)
Re:T... F... A! (Score:2)
Re:T... F... A! (Score:3, Funny)
Re:T... F... A! (Score:1)