Time: 00:00 EST/05:00 GMT | News Source: Red Herring | Posted By: Chris Hedlund
After 14 months of security updates, Microsoft finally gives techies—and consumers—‘Patch Tuesday’ off. But ‘no fixes’ doesn’t mean ‘no problems.’
Microsoft has announced that it does not expect to release security patches on Tuesday.
The news comes as a welcome surprise for IT staffers and consumers alike, who have had to install Microsoft patches each month since January 2004. The grand total: 49 fixes.
The company makes its digital band-aids available on the second Tuesday of each month. Last month, Windows users faced the specter of downloading and installing 12 hefty fixes, including critical fixes for its Internet Explorer web browser. This can cost millions of dollars for large companies like Citibank, which have hundreds of thousands of computers to secure.
But “no patches” doesn’t mean “no problems.” “It could be that they do have some vulnerabilities that they’re working on and choosing not to release them at this point,” said Firas Raouf, COO of eEye Digital Security, a vulnerability research and intrusion-protection startup. “They don’t have anything outstanding from us, but that doesn’t mean that they don’t have other vulnerabilities from other researchers.”

#2 By 2960 (156.80.64.60) at 3/8/2005 8:23:46 AM
Ok, so they are taking a month off. But, dammit, they NEED TO FIX IE!
I am SO sick of spending hours and hours and hours (and hours) removing Spyware from machines that got hit by drive-by installs.
You can't blame the user. They never get prompted, and never know the crap gets installed.
Sure, the majority of Spyware gets installed by user action (and most of THAT is via social engineering), but this drive-by nonsense has got to be stopped.
And it can't be just for SP2 users or Longhorn users. It needs to be retroactive back through at least Win2K.
TL

#3 By 23603 (216.94.216.26) at 3/8/2005 10:05:57 AM
Techlarry:
I am pretty sure that you are aware of that, but about 97% of spyware comes from explicit sites, warez... etc. You get the point.
Why don't you use third-party software like SurfControl that blocks all those sites?
We use ISA 2004 with SurfControl to block A LOT of sites, and I can assure you that we RARELY get spyware.

#4 By 2960 (156.80.64.60) at 3/8/2005 11:57:02 AM
#3,
Not my decisions. I'm just the guy with the Pooper Scooper.
TL

#5 By 19992 (164.214.4.31) at 3/8/2005 12:46:15 PM
#4 Easy - testing. Where I work, we have to test that the patch isn't going to cause any problems with any 3rd-party COTS packages and to make sure that all in-house apps will not break as a result of applying the patch.
Each patch ends up getting tested about 40 different times once all of the different workstation builds and custom apps are taken into account. I'm sure that Citibank is run in a similar fashion.

#6 By 19992 (164.214.4.31) at 3/9/2005 11:47:00 AM
quux - I'm not sure what the bill totals are for us on a per patch basis. But, once you take into account engineer time to test, end user pilots and rolling the patch into the current baseline I can see the price tag hitting about 10K per patch per unique system build.

#7 By 19992 (164.214.4.31) at 3/9/2005 12:37:10 PM
#9 - No, actually I think my numbers are fairly conservative. I ran some basic numbers, and just to test, pilot, roll out, update baselines and update documentation comes out to around $6875 for the workstations alone. I assumed a total of 195 people (this covers engineers, pilot users, baseline managers, 1 SMS person to build the package and the docs team) each spending 1 hour per patch @ $35 per hour (testing takes more time than this, but I think it evens out since the docs only take about 15 minutes per patch).
The servers go through a more rigorous testing process. Since we can only patch our servers during off hours (middle of the night or weekends) I'm fairly certain that we spend more than 4K per patch to get these tested and updated.
As best as I can figure it (I don't have exact numbers) My company has over 30K Windows workstations and well over 2000 Windows servers.
edit - correct spelling mistakes
This post was edited by happyguy on Wednesday, March 09, 2005 at 12:41.

#8 By 16451 (67.131.75.3) at 3/9/2005 7:26:05 PM
No patches? Huh. I show they released two for the Win98 platform. And they even crashed our first test system.

#9 By 19992 (164.214.4.31) at 3/10/2005 10:32:20 AM
quux
1) Actually the 195 people was based on 150 pilot users. The adjusted numbers (as done by you) would increase back up to $2450 (70 hours @ $35/hour)
2) Patch sets, agreed and we do. However, not all patches are applied to the baselines which results in different SMS packages being pushed.
3) Server admin salary - true, the admins are paid a salary, but all salaries can be broken down to an hourly wage equivalent. How much of their salary was dedicated to patch management as opposed to other issues?
Patches failing our testing - It varies by business unit. We generally have at least 2 groups that are not able to use a patch each time around. If we had blindly applied the patch to the workstations, or not performed the level of testing that we do we would have lost a lot of important functionality.
As for costs, true, the number for workstation patching isn't incredibly high (as compared to what the Citibank quote would lead one to believe); however, those numbers did not include server patching. Also, the initial testing done by the baseline maintainers is largely performed on a test network with its own SAN (replicated to multiple sites) and EMC Centera structures (replicated to multiple sites) riding on its own WAN lines, so the $7K is money well spent in our eyes if it prevents us from losing any critical data.
As for how your company handles patches, it sounds like a good idea for a smaller company. However, I've got over 30K workstations to push these out to and over 60 in-house apps that are directly supported by a development team.
For server patches we used to do the same thing you do until we had a patch on Win2K Server that changed how the TCP/IP stack addressed packets (it was a minor change and didn't break anything in Windows); however, one of our custom apps stopped working properly. This resulted in about 80 hours of downtime on a mission-critical system.
Another patch we deployed changed the functionality of the Cisco VPN client (due to similar changes in the TCP/IP stack). As such we were no longer able to properly monitor traffic over the VPN links (although the client still worked). We ultimately had to work with Cisco to write a custom version of the client at significant cost to us.
After these experiences we started to put safeguards in place to prevent this from happening again.

#10 By 19992 (164.214.4.31) at 3/11/2005 9:38:26 AM
quux - I understand the issues your company is having over in-house apps and patches being thrown together, and the resulting desire to move to 3rd party programs. Unfortunately, that just isn't an option for us.
As for an org spending millions testing new patches I can easily see several of the larger banks doing this as well as portions of the US Government (military especially). After all, if a patch slips through the process and a bug was not caught it could end up costing investors billions (bank scenario) or human life (military scenario).
Most companies will not spend millions on patches. Some will only spend $35 (based on our #s above) on patch rollouts a la LinuxisTheft/Parkker/Parker.