
Microsoft Plans Largest-Ever Patch Tuesday

CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008."

Update: Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."
  • ...Patch Tuesday (Score:4, Insightful)

    by steelscalp ( 1383757 ) on Thursday October 08, 2009 @08:03PM (#29687629)
    Last week's "critical updates" were two copies of Windows Genuine Annoyance.
  • Long Weekend (Score:4, Insightful)

    by camperdave ( 969942 ) on Thursday October 08, 2009 @08:04PM (#29687633) Journal
    Isn't Tuesday the first day back from a long weekend? Is that really the best time to do this? We'll be up to our eyeballs in password resets already. (How do people forget a password in three days?)
  • by CannonballHead ( 842625 ) on Thursday October 08, 2009 @08:08PM (#29687657)

    I'd like to see a comparison between the number of patches to Linux vs. Windows. :)

    Which do I think is a better OS in terms of security and stability? Linux. But I tend to get tired of the "Microsoft releases so many patches, their OS is obviously bad" argument when it seems the whole development model of open source software (e.g., Linux distros) is that anyone can develop both features and patches, thus improving the software.

  • Can't be right (Score:1, Insightful)

    by Anonymous Coward on Thursday October 08, 2009 @08:13PM (#29687697)
    EVERY version of windows? Including windoze 95? I don't think so!!
  • Re:Long Weekend (Score:5, Insightful)

    by Fluffeh ( 1273756 ) on Thursday October 08, 2009 @08:14PM (#29687707)

    How do people forget a password in three days?

    Because people are stupid. A person is smart, but people are stupid.

    One of the most strangely insightful comments in Men in Black from memory.

  • by Entropius ( 188861 ) on Thursday October 08, 2009 @08:14PM (#29687711)

    It's a very good security strategy to piss off all your customers with WGA and Windows Media bullshit until they all turn off automatic updates.

  • by Penguinisto ( 415985 ) on Thursday October 08, 2009 @08:16PM (#29687731) Journal

    I'd like to see a comparison between the number of patches to Linux vs. Windows. :)

    For just the kernel, or for a whole average distro? Which distro's kernel and which variant (e.g. SMP vs. uniprocessor) and which arch? (x86 vs. say, PPC or ARM)? Do we count all the optional modules, and what about the stuff that is out there which could be compiled-in, but usually isn't (e.g. Win4Lin extensions)? Are patches counted as individual diffs checked in to a CVS/SVN/BK repo source tree, or counted only if distributed .rpm/.apt packages by a vendor?

    Otherwise, yeah, I can see your POV. :)

  • by CannonballHead ( 842625 ) on Thursday October 08, 2009 @08:22PM (#29687781)

    Fair questions, but easily answered: for whatever is being compared to in a Windows OS. Windows, as I recall, has a kernel, has components that are necessary, has components that are unnecessary, etc. It seems Linux fans easily lapse into thinking that Windows is one complete mess all bound into one, whereas Linux has messy parts but the core is great... but who installs "Linux" and doesn't install a "Linux distro"? To be fair to Windows, I'd have to say you'd have to compare an entire Linux distro default installation to an entire Windows default installation... all software included in the iso, not the latest-updated-version-of-Amarok or whatever comes with it by default. Getting the latest Amarok version is just like getting the latest patch for Windows Media Player...

    As for CVS/SVN/BK diffs and whatnot, that's hard to come up with... I have no clue how much code differences there are in a given Windows patch. For all I know, it's one single typo, but since it's a binary, the entire thing is built and sent over in the patch, right? So who knows? I would think, from an end-user perspective, it only counts as a patch if it's distributed in an easily installed format; e.g., as an update or as an rpm or included in the distro, etc.

    Thanks for seeing my POV. :) hehe. I'm in an unfortunate position for my life on slashdot; I actually enjoy Windows OS's. And Linux distros. Awful, I know.

    I don't like AIX though...

  • by Elwood P Dowd ( 16933 ) <judgmentalist@gmail.com> on Thursday October 08, 2009 @08:50PM (#29687979) Journal

    MS requires customers to install the new WGA on a regular basis. That is also nagging.

  • Re:Long Weekend (Score:3, Insightful)

    by PrimaryConsult ( 1546585 ) on Thursday October 08, 2009 @09:02PM (#29688057)

    How do people forget a password in three days?

    Duh, the janitor who comes in on holidays keeps throwing out the post-its taped to the monitors!

  • by some_guy_88 ( 1306769 ) on Thursday October 08, 2009 @09:02PM (#29688059) Homepage

    Also, a lot of patches for linux software are adding new functionality. Not just fixing bugs.

    Furthermore, what exactly is contained in one Windows "update"? As far as we know one windows update contains as many changes to the system as dozens of smaller patches in a linux distro.

    But yeah, the idea that more released patches = less secure system isn't a very good one.

  • by plague3106 ( 71849 ) on Thursday October 08, 2009 @09:02PM (#29688063)

    Well stop pirating office and you won't have those kinds of problems.

  • by jrumney ( 197329 ) on Thursday October 08, 2009 @09:17PM (#29688109)
    The point the GP is trying to make is that they just aren't directly comparable. Limiting yourself to the Linux kernel is unfair to Windows, as Windows is much more than just a kernel. But comparing with a full distribution is unfair to Linux, as there is much more in a distribution than even Windows + Office + SQL Server + everything else that Microsoft Update covers.
  • Re:Long Weekend (Score:2, Insightful)

    by flipper9 ( 109877 ) * on Thursday October 08, 2009 @09:55PM (#29688323)

    Because people are required to memorize multiple passwords, between many different systems, that have different password construction requirements, require differing expiration dates on passwords. Not to mention each different system has a different login username and sequence. Then you wonder why people write their login information down on a post-it-note on their desk. Too many passwords and usernames lead to greater insecurity. Don't blame them for forgetting a password amongst so many.

  • by smash ( 1351 ) on Thursday October 08, 2009 @10:27PM (#29688479) Homepage Journal
    I've yet to see a good Linux/Unix distribution that offers centralized patch management in an easily administered manner to compare with WSUS.

    Kernel issues still require a reboot.

    I run both Linux and FreeBSD in the server room, and have for about 15 years - but in terms of managing, reporting on, and distributing updates to hundreds of desktops, there's nothing off the shelf for *nix that comes close.

  • by smash ( 1351 ) on Thursday October 08, 2009 @10:36PM (#29688529) Homepage Journal
    I hate to break it to you, but there's plenty of bad and sloppy code in the open source world as well. Build a system from scratch from source, and you'll see plenty of compiler warnings for a start, not to mention buggy application behavior.

    Don't get me wrong, I'd not put a Windows machine directly facing the internet - but I wouldn't do that with an un-firewalled desktop Linux box either.

    Linux doesn't have OLE, but they're still messing with implementing Bonobo, kpart, etc to re-create basically the same idea.

    As for reading LKML, it also shows you how good ideas are often ridiculed and rejected on the basis of "not invented here" or differing from Linus' personal choice. Schedulers, for example...

    I'm not saying open source is bad or worse - simply that it's not immune from shitty code. There's far more shitty code out there than good code, whether it's commercial or not.

  • PROTIP: That's actually a usage error. He (or she) spelled "metal" correctly.

    That said, I've had no issues with five different webcams functioning properly under Ubuntu, without having to compile anything. I believe this is commonly referred to as "It Just Works(TM)".

    Additionally, I'll take "knowing about vulnerabilities quickly" over "having somewhat fewer vulnerabilities that are publicly disclosed, leaving out problems Microsoft doesn't feel like informing the admin community of until exploits are already being used in the wild" any day.
  • Re:So? (Score:4, Insightful)

    by Teun ( 17872 ) on Friday October 09, 2009 @05:10AM (#29690117)
    You said it: Updates.

    And you didn't have to wait for the magical Patch Day for Ubuntu to share them with you.

  • by Chris Mattern ( 191822 ) on Friday October 09, 2009 @06:05AM (#29690357)

    Lessee...domain is h-online.com, refers you to patch files hosted at heise.de--yep, that's direct from Microsoft, all right!

  • by hmar ( 1203398 ) on Friday October 09, 2009 @08:40AM (#29690911)

    I am a legit user and I get burned by WGA all of the time. Ever try explaining to a customer why replacing the motherboard on their Acer means buying a new copy of windows?

    You don't need to. It may be a pain in the ass, but you can call microsoft and they will give you a new code. It even gives you the number when you try to activate it.

  • by TheRealMindChild ( 743925 ) on Friday October 09, 2009 @09:10AM (#29691207) Homepage Journal
    If you bothered to even look, it is a set of scripts that download the patches directly from Microsoft servers, all which have a digital signature.
