by Anonymous Coward writes:
on Thursday August 18, 2005 @01:59PM (#13349297)
Hate to tell you this, bub, but you and your 150 machines are small-time, so you shouldn't go making broad pronouncements about who's competent or incompetent, based on your limited experience-- you're just a babe in the woods.
Any competent administrator of large entities of the sort that are getting hit with these worms knows to never roll out any Microsoft patches without first testing them thoroughly on non-production hardware to see if they break anything important.
Too many companies have gotten burned in the past by patches [desktoppipeline.com] that caused [systemsman...peline.com] worse problems [asp.net] than the worm infections they were supposed to prevent. Blindly rolling out a patch to production machines just because Microsoft says it's okay is pure folly.
That's a fair point about testing any new patches first. I feel an anecdote coming on... A couple of years ago, there was a windows patch that somehow affected 3dsmax. Files saved from 3dsmax on a patched machine could only be read on other patched machines, while files from unpatched machines couple be happily read on either. Much confusion ensued. I think it took a day or so to uncover what was really going on, but it caused us more problems than we'd ever had with viruses.
The only excuse for an administrator having a problem with this, is if the patch is incompatible with some or other software.
I fully understand that patches need to be tested. You know when the patches are about to be released and if 3 days is not good enough, then you need more IT staff, or more standardized hardware/software. In addition to that, allocate users/computers into update groups, and as you test one configuration, update that, test the next, and so on and so forth.
Security rollups and ser
Maybe you can't buy happiness, but these days you can certainly charge it.
Non-issue for any competent admin (Score:2, Informative)
Granted, I deal only with about 150 users, over about 6 companies, however, I haven't even had a reported case of this worm.
The only excuse for an administrator having a problem with this, is if the patch is incompatible with some or other software.
Any competent administrator knows:
WSUS works like a charm, you can tell it to check for updates every
Re:Non-issue for any competent admin (Score:1, Insightful)
Any competent administrator of large entities of the sort that are getting hit with these worms knows to never roll out any Microsoft patches without first testing them thoroughly on non-production hardware to see if they break anything important.
Too many companies have gotten burned in the past by patches [desktoppipeline.com] that caused [systemsman...peline.com] worse problems [asp.net] than the worm infections they were supposed to prevent. Blindly rolling out a patch to production machines just because Microsoft says it's okay is pure folly.
Re:Non-issue for any competent admin (Score:2)
A couple of years ago, there was a windows patch that somehow affected 3dsmax. Files saved from 3dsmax on a patched machine could only be read on other patched machines, while files from unpatched machines couple be happily read on either. Much confusion ensued. I think it took a day or so to uncover what was really going on, but it caused us more problems than we'd ever had with viruses.
Quite what the patch or 3dsmax wa
Re:Non-issue for any competent admin (Score:1)
I fully understand that patches need to be tested. You know when the patches are about to be released and if 3 days is not good enough, then you need more IT staff, or more standardized hardware/software. In addition to that, allocate users/computers into update groups, and as you test one configuration, update that, test the next, and so on and so forth.
Security rollups and ser