General discussion

  • Creator
    Topic
  • #2286272

    Should M$ force security patching?

    Locked

    by pgm554 ·

    Rumor has it that Longhorn will enforce security patching.

    Up until now I frowned upon any body forcing me to anything until I test it thoroughly.

    However, this weekend I just spent the most part of Saturday and Sunday patching and scanning a friend of a friend?s home system.

    I, as an IT pro, keep up with security patches and such, but looking at an end users home system, gave me a view from the M$ side.

    The system was a zombie nightmare (backdoors galore, a disabled firewall which I could not re-enable, and even after I cleaned the system and loaded Norton, the updates would not load).

    No virus scanner, no patching, and kids downloading whatever looks cool.

    I’m sure this system is not an exception to the rule.

    Now, I?m not so sure that forced updates for a home user system, is not such a bad idea.

All Comments

  • Author
    Replies
    • #2693207

      I think so

      by eric-m ·

      In reply to Should M$ force security patching?

      I think the route that Microsoft is taking on XP SP2 is a very good one and can be extrapolated even further for longhorn. From what I understand the firewall is turned on and some services are disabled (like Messanger). All of those actions can be ‘undone’ easily in a corporate environment using group policy. I would hope most corporate environments are already using a patching system, (even SUS is better then nothing) so they are already most likely using GPO to modify automatic update settings on clients.

      Enabling automatic updates by default would cover the home users and corporate environments that are irresponsibly not patching critical security holes, while at the same time allowing for the ability to deliberately disable automatic updates and do nothing about managing updates.

      Of course that would mean Microsoft would have a greatly increased duty to insure that a patch like 811493 never comes out again. (http://support.microsoft.com/default.aspx?kbid=819634)

      Eric

      • #2695530

        832894

        by oz_media ·

        In reply to I think so

        Or 832894.

        Having the mosy unreliable company in the industry, provide AUTO patching to unsavvy end users (who will say YES to anything MS wants them to download), in order to patch yet another unstable and unprotected operating system is absolutely crazy.

        I will wait forever before installing MOST so called ‘important security ipdates’ as they usually have a patch for the oatch within a few weeks because SOME people install everything MS releases instantly. They are like sending out the probe when it comes to exploring patch issues.

        have all the MS junkies install first, they can complein about all the problems and pay on a per call support to MS. Once the issues are discovered as widespread, MS will issue yet another patch for the patch.

        In all my time as a Novell Engineer, I have applied perhaps two or three ‘patches’for security vulnerabilities and that is only if a custoemr meets the specific instances they mention.

        Now, with MS being such a wonderful and chosen favorite by many, you would think that the R&D would be so extreme that they would RARELY need to patch their well engineered software, you would THINK.

        So why doen’t the all great and mighty MS, just release an OS that works out of the box? They are more interested in revenue and release dates that refining the product isn’t in the cards. A few Alpha’s and Beta’s and it’s time to release the next new and improved MS OS. It boggles my mind how such an untrustworthy and bug ridden software designer could possibly stay in business by producing so much garbage. Can you imagine if your car was as reliable as their OS, you’d be scared to start it or even try to apply the brakes? If your buildings sprinkler system was a MS product you’d all burn and die. IN all other areas of manufacturing and production, MS wouldn’t even get out of the starting gate, with PC’s which many users have no former knowledge of before buying one, they are practically forced to buy one with XP Home edition in it and then expected to keep it secure, it’s not fair, it’s not feasible, it’s not good business at all.

        as you can see, I could drone on about MS garbage for days if I had the time. It just holds no water as a viable business solution nor a stable home operating system. there are so many better products and choices, unfortunately, those choices usually aren’t available at the retail or end user level without an upgrading cost incurred. But MS is not forcing products on anyone and nor do they have a monopoly on the market, they are a fair and true player……uh, yeah.

        • #2694633

          OZ while I tend to agree

          by hal 9000 ·

          In reply to 832894

          You are however totally wrong about the fire suppression system if it was really controlled by a Microsoft Product you would certainly burn when there was a fire but more likely than not you would tend to drown as well when there wasn’t a fire about.

          I’m no great believer in Windows XP or any other form of Windows but it is the industry standard and I’m surprised just how many people think that they have to have Microsoft on their desktops.

          But while I’m personally against forcing people to update automatically when ever a new MS Patch becomes available for the home user it is some times helpful as it currently is very rarely done. What is another of my pet hates with MS’s updates is that you have to visit different sites to get the required patches for different MS product so even if Windows was kept up to date all the rest of the MS applications are left un-patched.

          That could be a contributing factor of why I install Linux on every occasion that I can and constantly recommend it to all the “Home Users” that I deal with as in these cases the software quite often is worth far more than the hardware. But then they want to play games written for Windows and that is where everything falls down but with a new version of Linux that I’m currently testing it is supposed to be able to run all MS applications on the Linux desktop.

          Currently I only have it on a 200 MMX Pentium that was lying around but as it looks so promising I’m in the process of building another unit to fully test it and then if it works only half as well as it is claimed I will not need to install Windows on any more “Home Computers.”

          Well that’s my dream anyway.

          Col

        • #2694628

          Ley me know

          by oz_media ·

          In reply to OZ while I tend to agree

          Let me know how it works out. I have plyed with the older Lindows and stuff, and am also happy to offer a Linux alternative to all my users. Most of them are now using Ximian XD2 Novell Linux, I feel like i’m gonna have to find a new line of work again as they never call with problems. The netwrok monitoring has turned into a daily report and simply a formality as nothing ever goes down or hangs or crashes or dies or ….

        • #2667951

          Never again

          by igotspamed ·

          In reply to Ley me know

          I am in the process of installing os on 4 systems. One of these systems has already gone down. M$ programing has cause p4e’s to endlessly loop at full bore on a number of occtions. These systems are for a office enviroment where to ask users to watch things like temperatures and processor activity makes them nervous and afraid to use the computer. Heaven forbid an xp system go down because the hacking a trial and error approach I’d have to take would make me look like a complete fool. I’ve had to break in to systems so many times I don’t think there is a single secure element at the terminal level. Security packs, the upload manger and who knows what else will alter settings at random. Although a system works fine now there are no garentees two hours or two weeks from now. That mean printers failing, lans and wans. I can’t ask someone to fool with the network connections wizard to try and get the internet back up. I’ve got enough problems with routers and modems as is. M$ went to far with sp2. I’m in the process of installing Gentoo Linux on a P3 which will in turn unpack p4 software on a second drive with will go into a p4 system and be installed on the sata drives from there. M$ is no longer welcome on my systems.

        • #2667925

          Actually I have the same problems on a Dual Processor

          by hal 9000 ·

          In reply to Never again

          Work Station running XP Pro as I regularly see the CPU’s running at 100% for long periods of time and this is after I shut things down.

          I also had a Quad Processor Server where the CPU’s could not be made to run at anything better than 20% with 2003 Enterprise Server installed. M$ answer was that it was fast enough anyway so why bother but I felt that my customer was not getting what they had paid for with only that amount of workload being available through the CPU’s. Once I installed SUSE onto the unit everything worked perfectly and that is how it has stayed running properly and best of all the customer is none the wiser about what they actually have on the new server as they think it is a Microsoft Product but they can not believe just how stable it is.

          Col

        • #2667922

          OZ the products name is

          by hal 9000 ·

          In reply to Ley me know

          Xandros Desktop ver 2 and while it is heavily Debian based it has quite a few differences as well. Currently I haven’t had the time to have a good play with it as yet but I do have a new P4 system that I’m going to try it on when I get the time. But just going from the original install it claims to have some interesting features and the copy installed on the 200 MMX works quite nicely on the Windows Network picking up all the Windows machines without any trouble.

          I was going to spend Easter playing with it but after making sure that I had nothing on so I could have the time to give it a good workout I’ve been out working at a business where their whole network has gone down because there where no current AV Definitions on it and no M$ Patches. At least they had a full backup in place so I’ve only had to reload 100 computers & servers So I’m guessing that the Easter treat just is not going to happen.

          Now if only I could find a way to prevent most of what I’m earning over Easter going in Taxes as there will be something like 60% + 10% GST.

          So if you want to have a play with it you very well might get to have a look long before I will. It claims to be able to run M$ applications but if this is just “Wine” installed that allows this to happen I’m not as yet sure as I haven’t had the time to have a good play with it.

          Col

        • #2667767

          Winodws Compatibility

          by Anonymous ·

          In reply to OZ the products name is

          Actually, If I remember correctly, it is Codeweavers Crossver Office Plugin that Xandros has licensed for windows Compatibility. It is a little more sophisticated than wine. Works quite nicely, what little bit I have used it.

        • #2667691

          Thanks for the info

          by hal 9000 ·

          In reply to Winodws Compatibility

          I appreciate it as as yet I have not had much of a chance to play with it and even now it is on a sub-standard unit just for initial testing purposes.

          When I load it onto some thing far more powerful it should prove interesting.

          Col

        • #3307188

          oops!

          by bloodyusername!! ·

          In reply to OZ while I tend to agree

          I really should read a full thread BEFORE I ask questions…. 🙂

      • #2667391

        SUS service is enough

        by whitedragon21_2000 ·

        In reply to I think so

        I believe that update server is far enough. I work in an environment with custom application and patches need to be tested before they are put in production. So I don’t think that patches should be forced down. I do agree that patches need to be enforced but I think education should be the way of enforcing patches. If administrators refuse to educate themselves on the newiest required patches and test them. Well they deserve to pay top dollar for support when their systems and or networks are affected.

        Thanks
        Brandon

        • #2667386

          All well and good, but . . .

          by therrington ·

          In reply to SUS service is enough

          You are talking corporate. The discussion to this point has been about the home user.

          I have had the same experience as others: trying to rescue systems that are a mismash of spyware, worms, and viruses.

          One small additional point: users too frequently don’t keep antivirus up to date. The only thing worse than no antivirus is one with out of date sifnatures.

        • #2667370

          That’s a different issue

          by llang ·

          In reply to All well and good, but . . .

          That’s an education issue and for many it boils down to the fact that they haven’t been told just what virus protection is, how it works (in general), how viruses morph and new ones constantly emerge, and why and how to update their virus defs. If my mother and my inlaws can do it, anybody can. They just need it explained in language they can understand.

          Besides, the subject at hand isn’t about keeping virus defs up to date. It’s about patching a swiss cheese OS. The only way forcing updates will help keep virus defs current is if MS partners with certain antivirus vendors and pushes those updates down. Then the users would be forced into using one of the annoited antivirus packages.

          Hmmm – I smell a new MS revenue stream abrewin’.

        • #2667358

          Virus updates are a problem, too

          by sedge ·

          In reply to That’s a different issue

          I agree with everyone abot MS forcing patches. However, from my own personal experience at home, I have to stand up for the home user, at least a little. As an IT professional, I keep my updates current on everything, even at home. However, I’ve found that Symantec makes it very difficult to download their newest virus patterns, since live update doesn’t work with a simple subscription renewal. You have to purchase the software upgrade each year instead. They make it very difficult to update and the typical home user isn’t going to take the time, particularly if they have a 56k dial-up.
          Hmmm, do I smell a new revenue stream from someone other that MS?

        • #2667166

          McAfee

          by zati16 ·

          In reply to Virus updates are a problem, too

          that’s why I recomend McAfee SecurityCenter, it’s easy to update (you only need a valid e-mail adress, no questions asked)…
          🙂

        • #2667156

          Symantec sucks ….

          by jardinier ·

          In reply to Virus updates are a problem, too

          Pardon my French, but in my experience Norton is an inferior AV.

          Commencing 7 years ago, when I first connected to the Internet, I have been using Vet AV (purchase online and download from http://www.vet.com.au) on all my computers, and recommending it to everyone to whom I sell a refurbished computer.

          I have never been infected in all these years. It is also very competitively priced. After the initial purchase, registration renewal currently is about $AU 43 per year.

          Vet is part of Computer Associates, a long-established software manufacturer. Currently it updates silently in the background, within about 15 minutes of making an Internet connection. These updates are currently revised almost every day.

          I have also used TrendMicro products, which cover everything from AV, anti spam, firewall etc. Their technical support is truly amazing. I was installing it on a Windows 95 computer, but had lost the serial number. Emailed answers to my questions usually arrived less than 48 hours after the request. TrendMicro have a complete range of security products to cover every conceivable setup.

        • #2667112

          Why do I use Symantec/Norton Antivrus?

          by jagostisi ·

          In reply to That’s a different issue

          In my business environment I’m using Symantec’s Corporate Edition, and I recommend Norton Antivirus to everyone I know with a home computer.

          I’ve been in the IT business for almost thirty years and using/managing PCs from the onset. While viruses have constituted a threat from almost the beginning, the nature and the magnitude of the problem changed radically with the inception of E-Mail. Prior to E-Mail McAffee was my product of choice. Unfortunately, not all vendors have adapted or evolved equally well to meet the challenges and requirements of the real and corporate worlds, nor at the same rates. Symantec has not alway been my product of choice, but it is today.

          Why? I have had incredibly bad experiences with Network Associates/McAfee, Trend, and Computer Associates. In the last five years my company has been hit by two virus attacks, one was insignificant, the other was the Nimda virus. When Nimda hit, I was using using Computer Associates’ product

          Computer Associates – they were the last company to acknowledge the existance of Nimda, the last to provide a scan for it, and the last to provide a fix. Do I need to say more? They were rapidly out the door.

          Trend – They were the quickest to identify Nimda and to provide a fix. I applied it. As I discovered later, the fix was to simply delete infected system files on my Windows NT4 server, and it did stop the spread of the virus. Unfortunately, it also crippled the sever, eventually requiring drive reformatng and complete re-installation of all system and application software. The fix caused more damage than the virus.

          Network Associates – After Nimda, my goal was to provide more reliable virus protection accross the enterprise and minimize the work and overhead in doing so. At the time Network Associates seemed to be the only vendor that began to approach those objectives. I licensed their flagship product with push/pull technology to effortlessly keep all work stations protected. It may have been the best available, but it was anything other than effortless. The documentation was light on explanation and phone support had to be purchased separately. It worked fairly well but took a lot of effort and manual intervention to keep workstations protected and up to date. There were also multiple instances where the push/pull technology did not work. The real problems though began when I renewed my licence and acquired the latest version. It simply did not work. I was running PSQL7 on my Windows 2000 server but their product only worked with PSQL6(a requirement only found in the documention afterwards). Their downloaded fix for the problem did not work either, and the documentation for it was terrible. When I contacted the company they told me that it was my problem to deal with, but they suggested that I should purchase telephone support. Goodbye, Network Associates. Lastly, I had never found, up to that time, a home user who had successfully downloaded their virus signatures, and I didn’t have an easy time of it either.

          Symantec – They were slow to address the enterprize, but when they did, they got it right. The corporate edition installed efortlessly and the workstation update is seemless, without any intervention. Updates are fully automatic and the push to the workstations is invisble. How good is the virus protection? There’s been no virus penetration in the last two years(since it’s been in place); of course, that speaks of some good luck too. I’ve called them on several occassions with questions, tech suport has been quick and on the money, and free. I’ve found that Symantec’s web site is the easiest from which to obtain imformation on viruses and removal instructions are thorough and complete. Lastly, I had no trouble in training any home user in updating the virus signatures, that includes my 80 year old mother. The latest home versions update themselves automatically. Someone expressed displeasure with their licensing charges. What’s the cost of an infestation?

        • #2667043

          Thank you …

          by jardinier ·

          In reply to Why do I use Symantec/Norton Antivrus?

          for detailing your experiences with various AV products. I am a home user, and my comments were based on my personal experience.

          I do not know if Vet AV (Australia) software is independent of Computer Associates. Vet does, however, in its newsletters, claim to have won awards for its product.

        • #2667281

          But what about patches which screw up a system?

          by techanduser ·

          In reply to SUS service is enough

          My concern is when I receive an update from MS which brings down my system. I have had four computers in my family receive an official update from SUS, and after installing the patch the computer would fail to boot. Two of the three required serveral hours online with MS support to back out, one required a total disk wipe (with lots of lost data), and my personal machine had a recent ghost image to restore from. My opinion is that MS should make sure the patch installation is bullet-proof before they force feed us.

        • #2667266

          More to the point if

          by hal 9000 ·

          In reply to But what about patches which screw up a system?

          The original code was “Bullet Proof” we wouldn’t need any patches would we?

          But what a lot of people here are getting away from is the “Critical Patches” as apposed to the “Recommended Patches” and the “Driver Patches” all of these have potential problems if installed and if not installed.

          If the basic OS actually worked we just would not see the former of these as there would be little to no need.

          Col

        • #2667232

          No OS Has Fully Bullet-Proof Code

          by black_eyed_pea ·

          In reply to More to the point if

          I’ve supported Windows, Netware, VMS, Mac OS, and various flavors of *NIX. Any sysadmin with similar experience can verify that no networked OS is bullet-proof. Somebody name me a viable OS that doesn’t need to be patched. Anyone?

          If the OS itself has been hardened, you still have to worry about apps/daemons/services. In addition, when you harden any OS, you trade functionality for security. There is always overhead.

          It is possible that Microsoft could be knocked off the hill and some other player could shove them aside. It would be nice if the various *NIX factions could polarize forces and become a viable competitor to Microsoft on the desktop. The beginnings of that could be in the works at Novell. If that ever does happen, mark my words, the target will change and exploits will be found.

          There is a reason SANS and the FBI release the top ten vulnerabilities for the two most widely used operating systems:

          http://www.sans.org/top20/

          Comments?

        • #2667194

          While I fully agree about no OS

          by hal 9000 ·

          In reply to No OS Has Fully Bullet-Proof Code

          Being Bullet Proof Microsoft could do a far better job than they currently are as effectively we are all Beta Testers who pay for the privilege to test these products.

          Now as far as a viable alternative Xandros looks hopeful it is a Debian derivative that is supposed to be able to run Windows applications, at the moment I’ve only got it installed on a 200 MMX with a 2.1 GIG HDD so all the features are not active and it is very slow as the recommended minimum is a P11 but it works as a show piece rather than anything else. When I get the time to install it on something bigger I’ll report back on just how effective it actually is. Like if it actually does what it says it will or if the people behind this “NIX” version are taking a leaf out of M$ advertising book and making unfounded claims.

          Actually you have not said anything that I haven’t said previously but then I got howled down by the Linux devotees telling me that it just isn’t possible to Hack Linux or write virii for it as easily which of course it isn’t but that by no means,means it is impossible either. I took great joy in pointing out that the very first system hacked was in fact a Unix mainframe at Melbourne Univ many years ago.

          But what the whole idea of this discussion was originally about home computers and not business units as they are very different kettle of fish. What is useful in a “Home” environment is not necessarily a good thing in the work environment and the same goes the other way around as well.

          Now while you are perfectly correct that when you harden any OS you trade off functionality for security but then again what is the point of having a network that is as easy as hell to use if it is a security nightmare for the persons commissioned to administer it? We have to strike an acceptable balance between the two and these are very different for the home and business.

          Personally I think most people here are thinking about their work systems and forgetting that the biggest piece of Microsoft’s sales are to home users who very rarely do the right thing mainly because they know no better and it is these very unpatched systems which then cause business a lot of troubles. With the Internet being what it is anything can be spread around the world in a few minutes and most of the spreading comes from home users computers as the business computers are on the whole fairly well locked down to prevent this from happening or at the very least they should be.

          Now if it meant that the occasional breakdown caused by Microsoft auto applied patches on a home computer meant that things like Slammer or Netsky took far longer to spread even if it was only reduced to several hours and not several minutes I think that would be a good trade off for business. But of course I’m only talking about “Security” updates not the “Recommended r Driver” updates that are available from Microsoft. Also if they where to finally do what they have been telling us for a few years now and set up only one entry point to upgrade every Microsoft product it would make my life a lot easier as all the home computers that are running whichever version of Office would at least have most of the venerabilities sealed.

          Col

        • #3305986

          Xandros, etc.

          by black_eyed_pea ·

          In reply to While I fully agree about no OS

          Col,

          That was a well thought out reply. If you ever return to this discussion, I would like to know how the eval of Xandros is going.

          Also, I completely agree about striking a balance between security and functionality. I wonder what your thoughts about XPSP2 are.

        • #2667150

          true but demagnetise

          by deadly ernest ·

          In reply to No OS Has Fully Bullet-Proof Code

          True no system is bullet proof, but does MS have make them holier than Swiss cheese and build in bullet magnets? My biggest gripe is the number of security problems in Win XP that had been identified and patched in Win NT4, Win 200, Win 98, and Win ME that were in Win XP and had to be patched post release. If they did their job properly those holes should have been closed in XP in the original code during the development.

        • #3305987

          Have a list of those vulnerabilities?

          by black_eyed_pea ·

          In reply to true but demagnetise

          Eebywater,

          Thanks for the reply. Do you have a list of those vulnerabilities on XP that were fixed in previous Windows releases? Or at least some URLs to direct us to?

        • #2667233

          I agree completely- And

          by mxyzyptylk1 ·

          In reply to But what about patches which screw up a system?

          …I agree that virus “pushes” are also a bad idea. I still remember the one that flagged Office as a virus and offerred to remove it from 300 machines one morning. One would have thought that Microsoft would know how to find possible examples of buffer overrun in their own code. One would have been wrong several dozen times. Even the firewall vendors are having trouble with their own stuff (and such as they are, they’re still our first line of defense). Why the h^ll should we allow ANYONE to do a forced update? Yes- we have an amazing number of polluted machines and zombies out there. One group has a serious business reason for eliminating them: the ISPs.

        • #2667193

          But didn’t Microsoft Get it right?

          by hal 9000 ·

          In reply to I agree completely- And

          When the patch claimed that a Microsoft product was a virus?

          Col

        • #2667165

          :)

          by zati16 ·

          In reply to But what about patches which screw up a system?

          I installed a security patch and some stoped to work.I fixed it by uninstalling the sec.patch…
          my question is: when I’m paying between 20-50$ for a game and Windows stops it working, would they give the money spent for the product?
          The game was just an example.

        • #2566090

          why stick

          by rayevanshome ·

          In reply to But what about patches which screw up a system?

          why stick with microsoft and get forced updats when there are free Alternatives like linux out there.

      • #2667377

        ABSOLUTELY NOT!

        by web guru ·

        In reply to I think so

        …does MS know if you’re running third-party apps for a specialized industry (ie, accounting, medical, engineering, etc.)? No, so, these things can’t be just put on willy nilly whenever there put out (and they VERY frequently are for Windows OS’s) – they must be tested first, hense, force-feed isn’t a good idea…… MS, keep trying, you’re getting warmer…

        • #2667182

          ABSOLUTELY NOT! Part 2

          by jaredh ·

          In reply to ABSOLUTELY NOT!

          Should MS force updates? NO! Why? Some of their “updates” have caused more problems than they fixed, for one. Also, not all software is created equal and one update for the OS could be a break for an application. SUS is ok because it can be controlled by me. I should be in control of my network, not MS. Finally, if MS would just to a decent job of getting a good quality OS out, there would not be near the need for the patching in the first place.

      • #2667327

        For HOME user I agress

        by avantgarde ·

        In reply to I think so

        As IT support we tend to forget we have a greater scope of knowledge over most users. Most of us have had “forced update” screw up our systems, so we tend to have a “wait and see” approach. If we stop to think most of the virus out there continue to survive because of user who do not know or do not care about security updates. I understand the third party issues, but most users with MS Home are not in this position. The fact is they (end users) think the only way they can get a virus is though E-mail, they don?t realize by simply plugging an unprotected computer into the web they are a target. So is ?forced Update? a good thing? Yes, I agree with it for home and non server-client users I think they need it the most, but I do not want to see this process in the corporate environment simply because of the buggy ness that is Microsoft.

        • #2667267

          Home user is also a user….

          by eri-groe ·

          In reply to For HOME user I agress

          After rescuing some of my friends who have trusted MS and used automatic updates, my feeling is NO. reasons are already given: untrustworthyness, patches on patches etc. In addition: It is MY system, weither I’m a pro or novice, and it is MY responsibility to know enough about it, not MS.

        • #2667148

          Realities intrude

          by deadly ernest ·

          In reply to For HOME user I agress

          Home user realities intrude on this issue, I have spent endless hours rebuilding home user client systems after they noticed how stuff their system had become due to loading things like Kazaa, etc; most have dial up connections working at 45 k or less. One client had automatic update operating and said they would hanlde the updates, I left him to it as the last time I had rebuild his system (4 months previously) the auto updates took 3 days to fully process, and that was all the system did whilst online for 3 days.

          Many users wont wait around that long; for many I build the system the way they want with their apps etc and the basic operating system disc, then image the system to CD and just leave it at that. When they get hit they just use the CD to reimage and can be up and running again in an hour or so without me; not the several hours or days to do a total rebuild and secure.

      • #2667819

        Definitely not!

        by fhonegger ·

        In reply to I think so

        Read “Der Zauberlehrling” (The Sorcerer’s Apprentice) from Johann Wolfgang Goethe and you know what I mean!

        http://german.about.com/library/blgzauberl.htm

    • #2693202

      What you saw was the norm

      by hal 9000 ·

      In reply to Should M$ force security patching?

      Rather than the exception particularly if a 56K dial up connection is the only Internet connection available, but even with broadband very few home computers ever get patched. It is currently an uphill battle just to get Windows Patched without even thinking of the Office products.

      I’ve lost count of the number of “Home” computers that I have had to go out and secure so they could access the business network from off site and to be honest you are lucky if they even have a current copy of Windows on the things anyway. One CEO house that I went to had a Windows 95B installation and the kids where allowed access to the unit to download anything that took their fancy. While it had Norton’s AV on it that product had expired 6 months previously and there was absolutely no protection at all on the machine.

      While the person in question openly admitted that the kids often reloaded the system he thought that the removable HDD that he had fitted was enough security {I might add here that the HDD in question was by then jammed in the carrier as I doubt that it had ever been removed} and it was full of kids stuff as well not to mention that he had lost the keys for it so he could remove the drive.

      Since Microsoft has added the simple outside connectivity I have had to rewrite all my security plans again and we now not are only responsible for the network that we administer but every outside computer that has access to the network as well.What was once a fairly simple job is becoming far more difficult to administer as the Upper Management seem to think that as we have installed the proper security measures on the business network it is protected even though there are gapping holes in their home units which with they access the network.

      Col

      • #2693199

        God save us from the home users!

        by pgm554 ·

        In reply to What you saw was the norm

        This system was an XP pro that her EX had upgraded and now has decided that he wants the upgraded drive back. So I had to move the data to a new disk(using Power Quest and thinking this would be just a few hours work).

        Man, talk about mission creep!

        The EX is a helpdesk person that supposedly knows what he is doing, but this leads me to wonder.

        If a guy who gets paid to do this for a living is this lax at security, God save us from the typical family user!

        • #2695489

          Just because he gets paid, doesn’t mean he knows anything

          by oz_media ·

          In reply to God save us from the home users!

          THere are so many clueless MCSE’s and A+ techs it isn’t funny. This is exactly why I give no credit to basic certs that everyone and their dog has. if you can get a job flipping burgers or pumping gas, you can pass the MCSE. The more MS certs handed out, the more MS is gonna be recommended on site by these ‘techs’.

          I see it so often that some MCSE has talked a Netware shop into switching to MS products, only to have the boss screaming at me to resecure their network and get rid of all the abends and hangs by installing Netware again. Once people have gone with the RED ‘N’ they won’t like the Windoze alternatives and all the inherent headaches that accompany it.

          So when you say this guy is a credited Microsoft HELPDESK person, this means NOTHING whatsoever as although SOME are extremely talented, it is not a erquirement and a basic A+ knowledge will suffice. This guy sounds like he buys hype and techno babble and sells himself on things without REALLY knowing what he’s talking about.

          Just shrug your shoulders and let it ride. There’s always some egomaniac who thinks he knows best but is generally wrong on all accounts, far from rare anyhow.

        • #2667367

          Novell not Abending??? Since When???

          by sedge ·

          In reply to Just because he gets paid, doesn’t mean he knows anything

          Wow, Oz. I may agree with MS not requiring patches, I disagree with you about Novell. For the last 5 years on this job, I’ve run 40 Novell servers and 49 Windows servers. I’m getting at least 2 abends each week from the bank of Novell servers. Even Novell’s own patches and products abend their servers. Since I pay $85,000 per year to have an Novell engineer assigned to my business, you’d think he’d be able to fix that problem. But, no…we still get abends routinely. However, in that same period I’ve never had a Windows server fail that I or one of my techs didn’t cause or that wasn’t the result of a hardware or power failure.
          Novell’s own products can’t even play well together. So, rather than fix what they have, they are moving on to the next fad in the market, just like they did with UNIX several years ago. What next???

        • #2667353

          Novell not abending…

          by boomslang ·

          In reply to Novell not Abending??? Since When???

          Sounds like a Karma thing, maybe we should trade places… You get my low pay job and Novell that doesn’t abend for me getting substatially higher pay and NT/2000/2003 that doesn’t crash. Your experience is exactly the opposite of mine, don’t know why… Don’t care to know why.

        • #2667310

          So why even pipe up?

          by oz_media ·

          In reply to Novell not abending…

          I get ppaid more than any MSE in town, if not in the province, ALL NW MCNE’s do here, Novell is wanted.

          I perform less work than most MCSE’s and it’s usually a lot easier. I can count the abends I’ve had over three yers on one hand. I can also count the Netware patches in that same time on one hand.

          If you’re pissed because ou think you picked the wprng path it isn’t my fault.

          But if you don’t care, why did you post?

        • #2667322

          Novell not Abending??? Since When???

          by grolan ·

          In reply to Novell not Abending??? Since When???

          Hmmm, but what’s the background of you and your techs? Is it possible you know Windows a lot better than you know NetWare? I don’t mean that as an insult – I think it’s possible to run almost any OS with reasonable reliability if you know the product well, although Windows is certainly more problematic than most.

          I run a NetWare network. My servers have been up since last November. The only reason we downed them then was to accommodate a recabling project. No abends, no problems. If you know what you’re doing with NetWare, it’s amazingly stable.

          Abends on NetWare are usually due to poorly behaved 3rd party software. You mention you have a contract with a Novell support engineer, but you don’t say what you’re running on the servers. There may not be much he can do if you’re running a 3rd party app that’s causing problems. Regardless of OS, I’m a believer in limiting the number of services running on one server. Limit it to one or two major services and leave it at that. Simpler is better.

          Not trying to minimize your experience – I’ve had similar frustrations, with Windows, not NetWare, so I know the feeling – but your problems with NetWare are the exception, not the rule.

        • #2667312

          For $85,000 you got what you paid for

          by oz_media ·

          In reply to Novell not Abending??? Since When???

          I will remote network a Novell house for less than $85,000 yr but not as a F/T onsite tech. The last company I wordked with paid the junior tech that much and he was still finishing school.

          I NEVER see abends, in several client shops, patches I don’t think I had a single abend due to a patch.

          My advice, find a better tech, certs aren’t anything if you can’t perform the work. My job is like being the Maytag man, I never have anything to do, I just watch everything work each day and log in to fix he odd dektop issue. This is only for one client on a $64,000 contract that has me remote networking from my home but it isn’t exactly work.

        • #2667237

          KB828035 and Groupwise

          by lweight ·

          In reply to For $85,000 you got what you paid for

          If Microsoft “forced” patches, then my Library District’s Groupwise would no longer run (which Microsoft would probably like…) as KB828035 “fixes” a problem with the Microsoft messenger buffer overrun in such a way that GroupWise 6.0.02, which needs MS Messenger to work in the way it was originally designed to, stops working correctly when the patch is installed. I found this out the hard way recently when setting up five new Dell OptiPlexes and a new Dell Latitude notebook. I had set up the first Optiplex and not downloaded that patch (there were 18 “critical” patches and upgrades on the Windows Update site needed according to the site for each of these machines right out of the box-running W2k Professional SP4), and everything worked fine. Then I made the mistake of putting in that patch on the next unit I set up, the Latitude notebook. This was the only difference in my setup routine. GroupWise quit working right after the patch. And the patch would not completely uninstall. I had to reformat the hard drive and reload everything. Put in only the patches that I had on the first machine (no KB828035)and GroupWise worked fine again. I have set the Windows Upgrade on all new machines to have me manually check for upgrades and install as I choose, (after doing a little research on), on an individual basis. Of course I only have 30 machines at two sites to worry about. I hate to think what life would be like if we had a really big network or ran Windows servers. (I have 3 servers running Netware 6.0-have been running Novell since 1995-servers never abend-only time one has been down in over two years was to replace an aging UPS, and when my Novell consultant comes in once a year to do a few ugrades & patches.) BTW-obviously I am not an IT person, just another “accidental systems librarian”, and it is only because Netware, Zenworks, BorderManager and GroupWise are such stable, solid products, that I can spend so little time on network administration and desktop support. This lets me do my “real” job, which is all the other library stuff-reference, collection development, etc., Bottom line, as long as computer users, both home and office, are going to have systems that run additional non-MS software on a system with a Windows OS, “forcing” patches (especially when those patches frequently are buggy) and upgrades, while seeming to solve one group of problems, will cause more problems in other areas, and make a lot more people made at Microsoft than already are. Once size just doesn’t fit all.
          LW

    • #2695492

      Of course not

      by oz_media ·

      In reply to Should M$ force security patching?

      I think Ms and it’s junk are imposed on us enough asd it is. In many cases, especially when buying a new PC, it is almost impossible to find anything but that horrid XP Home installed, unless you go to a professional workstation and then it’s just XP Pro. Unforyunately, I would run neither by choice and am forced to them pay for the original OEM install followed by paying for an upgrade to whatever OS I choose.

      MS has released som eEXREMELY buggy patches, just look at that latest security update garbage, the file disables links on SO many computers I had to send out a network bulletin NOT to install the suggested update. They have since offered info in the MSKB on resolving the issue but why even release a patch that needs to be patched (sounds like a fitting description of XP, a patch that needs patching).

      In the case of a forced patch, I would have driven 6 hours to start repairing 130 computers (faster than remoting in after checking that users aren’t online first). So they patch a ‘security vulnerability’ ONCE AGAIN, and it needs patching. Force that on users and you have one hell of a major problem.

      Secondly you must consider the vast number of updates they would need to send out. We are talking MILLIONS and MILLIONS all over the world. The internet would be jammed with email traffic for days as well as MS’s servers. Can you IMAGINE if five hundred thousand people decided to download updates withng a few minutes of each other?

      NO thanks, toomuch hassle, leave my PC alone.

      If other people are unable to secure and protect their systems, I stay employed, if everyone is a self made MS support pro, I have several business and lines of work I can fall back on, MANY don’t though. Outsourcing rage is bad enough, can you imagine if those jobs were gone forever?

      Let people screw up their PC’s, let me download my OWN updates (usually LOOOOOONG after they are released), if you don’t want to run such an insecure and constantly hacked OS, don’t, there plenty of other options if Windoze doesn’t cut it for you.

      OM

      • #2694770

        Living with Windows

        by pgm554 ·

        In reply to Of course not

        Whether we like it or not, M$ products are going to be the dominant software platform for the next 3 to 5 years.

        Because of their vulnerabilities, they can play havoc with the rest of the IT community.

        I noticed the other day that the guy that created Spybot S&D(a wonderful FREE product), has been going through DDoS attacks.

        The machines that are doing are probably M$ zombies created because of security holes.

        People are basically lazy and the law of inertia kicks in when having to switch from one OS to another.

        A couple of thousand zombies can wreak havoc on companies we come to know and depend on.

        So would a Draconian effort on M$?s behalf be such a bad idea for the home user? Maybe not.

        The machine I worked on would be a classic lab project in a tech school.
        This is the first time, after cleaning the system with 2 or 3 different virus scanners, that I have seen things like the built in firewall not being able to be accessed or turned on.
        After I installed Norton, the live update would not work.

        If anybody has seen this or knows how to go about approaching the problem, please chime in.

        I am keeping a copy of this system just to see what the problem is.

        I had to reinstall XP and restore the data to a backup volume so they could pick and choose what they needed off of the old drive.

        This one’s a doosy!

        • #2694737

          Couple of comments

          by oz_media ·

          In reply to Living with Windows

          Firstly, merely from amusement, how did you derive on the conclusion that MS will be dominant for 3-5 years and what do you think will stop its dominance after that time? Please don’t say Longhorn will keep them alive, the alpha I played with was nasty!

          As for the Spybot creator, he should know better than to use a Windoze server for such mission critical development.

          End users with auto updates, now you’re not only wanting MS to send out updates but to select WHO gets the update? I think MS would need to double in size just to handle the mail servers and accounts. Again, it’s dumb end users that keep me employed, let them make a mess and then call me.

          Your XP issues, I have seen several viruses disable firewall, AV Scnners, file removal etc.

          It sounds a lot like bugbear (from memory, I may be wrong) however there are quite a few trojans that start broadcasting ICMP traffic, usually causing a form of Denial Of Service attack at the same time. It needs to disable the firewall in order to allow the remote server to communicate. Live update is another big one to stop as it stops people fixing the problem.

          This is actually somewhat common, I usually use a second PC to download fixes and scanners then just run the small files from floppy to clean the infected PC. You can also usually see the program running in the task manager or the startup file and disable it in order to get your NAV or Firewall to run.

        • #2694735

          Yankee Group

          by pgm554 ·

          In reply to Couple of comments

          According to the latest published Yankee Group findings M$ has a 94% desktop penetration.

          Linux will start to make inroads in 2006.

          I never try to predict anywhere more than 5 years into the future as to what will transpire.

          Could this be a longer curve?Yeah.

          According to the article,going to Linux shows no cost savings over Windows from a Windows only network.

          But then again I’ve seen stranger things happen like somebody spending $200K and 2 years of my time to upgrade from 4.x to 5.X and a year or two later rip and replace the entire network with a W2K ,simply because they thought that Novell was not going to be around.

          Go figure.

        • #2694715

          Novell was not going to be around.

          by oz_media ·

          In reply to Yankee Group

          Looking back on things I’m sure they spent their money well. lol

          THat’s the problem with letting MCSE’s near NOvell shops, they swear it will be better because they usually understand nothing about NOvell or the history of the Netware NOS. ANY knowledge even very partial would help them understand that Novell is far from going anywhere, I have another Novell Linux seminar Wednesday, when will all the kittens open their eyes and realize there are better solutions in life than Microsoft? Oh well, an unaware industry means higher wages and more clients for me. MCSE’s are battling toe to toe too often for my liking, or wallet.How can you justify $150.00 hr when everyone and their dog is MCSE certed?

        • #2694631

          Well I find it easy

          by hal 9000 ·

          In reply to Novell was not going to be around.

          because all the so called MS certified experts know very little and stuff things up so much that the people are glad to see me or one of my staff walk in to attempt to fix the problem.

          At one instance recently I had to pull a server and reload it from scratch because of some fool MS certified techs actions. But hey it’s a living and it is in the service rather than the sales where the money is made so I’m happy to let them do what they like and then walk in to fix the mess afterwords.

          Col

        • #2694629

          On the head

          by oz_media ·

          In reply to Well I find it easy

          You got it Colin in a nutshell. Other people that screw up their PC’s and servers keep me employed. I say let the home users get viruses, let the unsecured networks be hacked and don’t forget to call me when it does.

          OM

        • #2694558

          The only thing with Virus Infections

          by hal 9000 ·

          In reply to Well I find it easy

          Is that it is time consuming work that I do not find fulfilling. I tend to see these preventable things as more a waste of my time than a source of income which granted it is but the work in cleaning these infected machines is really painful particularly like recently when a Surgeon had to have his home computer cleansed so he could send an urgent e-mail. The recipient bounced the infected e-mail and informed him that he had X infection which had to be cleaned immediately.

          Now as this guy is cutting holes in me I have to more or less be at his beck and call {or as he threatens me his hand might start shaking} so I went down there cleaned the unit up installed the new copy of Norton’s AV that he had there for God only knows how long and made a note of when it expired. Well 12 months latter it expired and it took me 4 months to get in there to install the new version and even then I only got in because he couldn’t get a dial up connection {seems that the recent rain had affected that phone line and it was so noisy that you couldn’t even dial out on a phone} but at least I got in there to install the new AV product which he wasn’t the slightest bit concerned about. He actually thought that having the unopened box there made the computer safe from infection.

          Or there is his work computer which I was blackmailed into fixing it has XP Home on it an internal modem and no firewall turned on as well as no AV protection. He also has PC anywhere installed so that the main application on the computer on be upgraded every 6 months or so by the makers of the software. Talk about having a self sustaining market. But anyway after some initial hesitation I walked in there late one afternoon as they just couldn’t be without the computer during business hours and started on closing and stayed until all the stable Windows updates had been installed now a dial up connection and all Windows XP updates are not a good combination as it is very time consuming in downloading them if I had of realized that nothing had been done to the computer since it was bought I would have taken copies of all the patches and installed them from CD but I was only supposed to be there to do some routine housework in making his files easier to find.

          Well at 9.00 am next morning when he came in his first question was how did you get in after you left last night? It was inconceivable to him that I had been there from 5 PM till 10.00 am the next day without a break so I just asked him when you have a patient on the table and it turns 5.00 pm do you pack them up and send them back to the ward so you can finish off the next day?

          Eventually he got the idea but it was a massive waste of my time and effort which I deliberately do not charge for as he fails to follow my recommendations and with our current Privacy Laws he could end up in jail if I was called to give evidence as he isn’t doing everything possible to prevent an intrusion. His only claim is that the unit is only used for sending in bills electronically to Medicare and no patient details are on the unit. I just asked what was required when the bills where uploaded each night where things like the name, address, the reason for the service offered or treatment given recorded?

          While it is against my better judgment I sure as Hell want nothing to do with any more court action so if there is no record of me ever seeing his work computer I can not be called as a wittiness against him. But it sure as hell takes a lot of time but on the up side I have supplied computers to all of his staff and have a service contract with them all.

          Col

        • #2667363

          Linux…Better???

          by sedge ·

          In reply to Novell was not going to be around.

          Oz, have you bothererd checking out the CERT site lately? Linux and its product lines are getting hit by viruses, worms, etc. 3.5 times more often than Microsoft. You never hear about it, though, because Linux is such a small player i the market. Will it be viable? Maybe in a few years. For me, I’ll take a product that has at least shown it has the power to last in the market. Perfect…no! But, sorry to say, the perfect software will never be written. Maybe that’s just so that people have something to complain about.

        • #2667215

          I wasn’t talking Linux

          by oz_media ·

          In reply to Linux…Better???

          I mentioned Ximian Linux for desktops which runs with a Novell server. This is FAR more stable than the other flavours as it is behind Netware for a start. With a well secured GroupWise, AV system and GWAVA, this is a VERY secure, safe and solid system.

        • #2667359

          Similar problem on a corporate machine this week

          by sedge ·

          In reply to Living with Windows

          I had a similar problem on a corporate desktop computer this week. Somehow, and I don’t have any idea how, the user had turned off virus protection, even though we have it set to install (if necessary) and update every time the user logs in to their assigned server. The user had over 200 viruses and Symantec wouldn’t even run at that point. After my security administrator worked on the machine for three full days, he finally gave up and used Ghost. Reimaging works wonders. So does FDisk. Sometimes its just easier and more cost effective to lose it all and start over. A hard lesson for the user, but hopefully one they’ll learn from.

        • #2667319

          Sledge this could be an answer for you

          by hal 9000 ·

          In reply to Similar problem on a corporate machine this week

          I have an XP Pro unit that constantly turns off Symantec AV auto protect protection. So far between myself and Symantec we haven’t been able to work this one out but since it is on my unit which has recently been reloaded I always catch it and turn it back on but the average end user would just click on the message to get rid of the warning window and forget about it.

          Col

      • #2694632

        Firstly OZ you live in the wrong place

        by hal 9000 ·

        In reply to Of course not

        Over this side of the pond most PC’s are made by the small specialist shops and the big guys like Dell, HP, IBM and their ilk don’t get much of a look in as they are considered as not the best available.

        Here most PC buyers get what they require rather than what they see in an advert somewhere but you are correct about XP being the OS of choice but this is as much Microsoft’s Marketing Policy as the perceived need to use Microsoft Windows by the buyer. Currently on most computer adverts here the bare price of the computer is shown and then in fine print what options that are available will cost like bigger HDD’s, CPU’s, more RAM and an OS and programs.

        So while most PC’s this side of the pond are not prepackaged with Windows it is however the most requested OS that is being sold as all the software that a home user and their kids will be using was only written for Windows.

        I recently spent 1.5 days at a persons home installing Windows Updates as they had just gone on line and needed the added security on a IBM Thinkpad {read that as a Lap Top} which was accepted as needing replacing ASAP. But other than LT’s most of the desktop units sold here have the option of installing whatever OS the buyer wants.

        But on the other thing that you mentioned if all the new Windows units where to try to access the Microsoft update site at the same time well at least the same time in their respective time zones wouldn’t Microsoft have a DOS attack of their own making?

        Col

        • #2694623

          Try to buy a namebrand without an OS

          by pgm554 ·

          In reply to Firstly OZ you live in the wrong place

          Dell and HP (with the exception of file servers) bundle in the OS (Windows) if you want it or not.

          This is a piracy protection scheme instituted by M$ with their big vendors to get the price break.

          You can’t buy a name brand laptop without Windows installed. (Yet!)Dell tried Linux for a while and p****d off M$.They then dropped the Linux offering due to “lack of interest” from the consumer.

          When M$ negotiated OEM deals w/ Compaq, Dell and such, the contract said you pay M$ a license fee for EVERY pc you ship, regardless of the OS installed. So what was the incentive to ship say, OS2?
          This was brought out in the M$ monopoly hearings in the 90’s.

          As for IBM, they are saying they will ship Linux as an option, but I don’t know about the desktop or laptop. (I hate IBM laptops; their design reminds me of an old Russian car design, awkward and clunky)

          So we pay a hidden M$ tax on every desktop /laptop
          that we purchase from a big OEM.

        • #2694612

          Linux OEM

          by oz_media ·

          In reply to Try to buy a namebrand without an OS

          Well IBM, HP and Compaq in Canada are almost ALL available with your choice of Windoze or Linux flavours.

          HP has adopted linux and is on tour with the Novell Linux for desktops seminars. HP servers runnig Novell Linux are all the rage now here.

          As for IBM THinkpads, they aren’t as flashy as Caompaq Evo or HP laptop but they will outperform and outlast them almost everytime.

          One of my clients has a massive mix of old and new laptops throughout his office, I am APWAYS repairing the HP’s, rarely repsiring the Compa’s other than the odd software patch and NEVER repairing the IBM’s. My thinkpad has a three year onsite warranty, dopes HP or Compaq? No.

          So what we lose in asthetics we gain in quality and performance. I used to have people ALL the time tekking me that the Harman Kardon Amps looked so dull and that JVC’s were so much nicer. I would ask, “do you look at your music or liste to it?” If there was ANY ehsitation, I’d sell them JVC and watch them leave with a pretty box of junk. If they wanted SOUND, I would sell them a simple looking HK system that sounded a thousand times better than the Sony, JVC and Fisher crappo stuff and they would be back with friends to buy more HK in no time, it speaks for itself.

          SO I must now ask you, do you LOOK at your laptop or use it? If you look at it and are concerned about HOW it looks, then go find an HP or Compaq off the shelf. If you are concerned about quality, software updates and performance, but yourself a Thinkpad.

          Note: I nkow that the OLDER Thinkpads were massive clunky boxes but mine is actrually very slick, thin and quite light. Especially when compared to my friend’s brand new 17″ HP. The aspect ration is great for DVD’s but it sucks for everything else. It weighs a tonne, has a cheap plastic casing just waiting to crack ro split and has a one year carry in warranty. he now says he should have bought one like mine but his wife wanted the suprer 17″ wide LCD panel for DVD’s, not knowing how screwed up everything else looks. He has Tiger Woods PGA Tour 2004, with oval balls, lots of fun! Especially the shrunken trees, the flat sky and super wide greens.

        • #2694603

          HK

          by pgm554 ·

          In reply to Linux OEM

          I’ve used HK in th past.They made one heck of a good integrated amp.I remember the “high current capabilities”touted .It was rated 80 WPC/RMS ,but had a fairly high clipping range and could deliver nice transients.

          But alas ,it got ripped off by a coke head “friend” of mine and HK had quit making the model.Hard to find a decent integrated amp at a good price.

          I now run all separates :
          Bryston 4B amp
          Adcom GF550 Pre Amp
          Denon CD player
          Magnapan MGIII’s (15 years old and I still haven’t heard a speaker that does everything so well)I swear by these things.

          But ,not so good for Rock or Metal ,dynamic sound pressure levels can’t be achieved as well as cone speakers.These can’t make your ears bleed like a JBL or Klipsch.

          I was listening to a $40K pair of WAMM’s at one of the high end shops and came away wondering how that much money could be spent on such a disapointing speaker.

          But hey ,they look cool.

        • #2694581

          HK still on the map

          by oz_media ·

          In reply to HK

          Although HK is now solely Japanese, they still make on eof the the nicest sounding integrated amps and amp preamp components around.

          I have an older (champagne gold, mmmm) HK Amp PM 660 that was 100W with 60 Amps of current. I peak it out at about 360 Watts perside into 4 Ohms. But I have boxed up my older Amp/Preamp components to be shipped to England where I am also TRYING to get a new studio built. Talk about a headache trying to coordinate things! I will either move back or hire someone to run things for a while anyway.(OVER the table, Max)

          I run a mix of monitors and speakers, Mission, Paradigm, B&W depending on the room (and Bose monitors in my studio).
          I had an old pair of Altec Lansing 9’s they took up more space than any of my furniture and I ended up selling them to an audiophile who used to buy equipment from me when I worked in the industry full time.

        • #2667538

          Even the Compaq warranty isn’t what

          by hal 9000 ·

          In reply to Linux OEM

          It cracked up to be. I had a customers LT in with the complaint that the display was RS which it was and after speaking to Compaq they insisted that I return it for repair as both the LT TFT Monitor and a CRT monitor that I plugged into it had the same look. I specifically asked what the recommended and default screen settings where and I was told that what was running on the unit was perfectly acceptable.

          Well they got it sent back to them and 3 weeks latter when it was returned with only a wipe and reload of the HDD done. I found that someone had rammed up the display resolution as far as it would go which had been the entire problem even though the “Help Desk” did insist that what I had on the unit was the default setting. While it may have been OK for playing games it was hopeless when a word processor was loaded as all the letters where almost unreadable. Well as that was the first time I ever saw that LT and I didn’t supply it I didn’t feel too bad about what had happened as after all it wasn’t my fault but a bit more experience from Compaq could have saved a lot of time and inconvenience particularly when I did suggest lowering the set resolution and I was told not to.

          Col

        • #2667534

          Levels of support

          by oz_media ·

          In reply to Even the Compaq warranty isn’t what

          If I go to London Drugs or Future Shop(local retailers) I can buy entry level Compaq’s or HP’s etc. They are all pretty cheap hardware wise and the support is one or two years carry in with retarded phone support (As you’ve found).

          If I buty through my dealer, I get professional workstations and desktops. These come with multiple OS choices that you pick during initial boot up. They also come with much better hardware and a 3 or 5-year ONSITE warranty. My EVO is onsite for 5 straight out of the box with no additional warranty applied, as is my IBM laptop and all the servers I manage.

          In you case you stated, Compaq would have had a technician ONSITE in 24-48 hrs with replacement hardwaer if needed. If not, these guy will replace you PC daily part by part until it is doing what you want it to. I find Compaq and IBM’s ONSITE support to be the best around, the phone support at Compaq is awesome yet the IBM phone support is substandard, they just don’t grasp major issues properly, not to worry though, a tech is sent the next day who DOES know what’s going on. Over the past year, Compaq and IBM have replaced several thousand dollars worth of parts, some dead some just pissing me off and not really a problem with the hardware. They just do as you ask and then ask if there’s anything else you need, they then thank you for choosing their product and going on their way.

        • #2667439

          The reason for different service is

          by hal 9000 ·

          In reply to Levels of support

          Probably then down to the fact that they are not very big this side of the pond. As it was that particular unit had to be sent to Sydney about 1,200 KMS away.

          Like all of the companies over here they are contracting instead of expanding with only the head office where work is performed although HP did send out a tech to a job that was a seller induced problem and then wanted to charge for the call out. Which I had to take him outside the business and explain exactly what had happened and if he did actually charge for the call out which he was quite entitled to do it would result in at best bad customer relations and at worst legal action being bought against the seller by the buyer. Which the seller deserved but as neither of us needed the added hassle it wasn’t an ideal position to be in either. Anyway he eventually decided that as he didn’t want any problems either he just ran it through as a warranty claim and left me to clean up the mess. Not my favorite thing to do but in this case a necessary evil.

          Col

        • #2667260

          Funny you should say that

          by eri-groe ·

          In reply to Linux OEM

          Due to some horrible experiences with IBM some years ago (early aptiva et.al), I’ve never even considered going the ThinkPad route. But, as I got into a long time job with one our customers, they wanted me to have one of their laptops – easier to maintain etc. I am impressed. Have used the unit extensivly for 1,3 years now, much travel and working under rather rough conditions. Most of my colleagues have had mayor mishaps with their HP and Compaq units in that period (and they have stressed their equipment much less).

        • #2667542

          Thats probably why I avoid the Name Brands

          by hal 9000 ·

          In reply to Try to buy a namebrand without an OS

          But you are perfectly correct about what you have said above with the License deal between Microsoft and the Big End of Town.

          But if I do need a Lap Top/PDA I can buy them from a supplier minus OS or any software granted they are not any of the “Name” brands but they are effectively the same as they use common parts in the units that I do supply when needed.

          But I particularly like Compaq {now HP} when they supply the AVO series desktop with recovery CD’s but there is no CD Drive in the unit. By at least you do get the CD’s which is a lot more than can be said for some of the makers who want extra for them.

          Incidentaly I think you are right about IBM LT’s I particularly disliked the ones with that bloody awful joystick sticking out of the middle of the keyboard as I kept jabbing my fingers on the thing and it hurts when you do this not to mention pushing the cursor where you do not want it. Even the button that they replaced it with was no better but at least you didn’t constantly hurt your fingers on the thing.

          I know about IBM and Linux but at a recent meeting they where unwilling to talk about Linux at all probably because of the SCO fiasco that is currently underway.

          Col

        • #2667540

          Funny

          by oz_media ·

          In reply to Thats probably why I avoid the Name Brands

          I waas actually supposed to go to the yatt in Vancouver this morning to attend ANOTHER damn Novell/IBM Linux for desktops seminar. The last one was HP and Novell (How HP servers now come built with Linux and Novell NOS) this time around it’s IBM and Novell. I see one thing VERY positive here, the major manufacturers are beginnning to realize there is a growingf demand to move from Micosoft to Linux on the servers, until now, Linux hasn’t really had a good desktop OS for the Windows users to grow into. Well Novell and Ximian has changed all that and they are hammering a business server market VERY hard. They hve partnered with IBM and HP who are providing NOVELL presinstalled on the sever along with Linux XD2 desktops on their workstations. I wouldn’t be too happy if I was in school now studying for my MCSE, there are much more lucrative fish to fry now.

          So whereas they MAY have been reluctant to discuss Linux, IBM is now on tour promoting Linux as their newly supported OS and NOvell’s NOS in servers. As Roger Waters sang, “The tide is turning”

          OM

        • #2667537

          Well that was about 2 months ago

          by hal 9000 ·

          In reply to Funny

          So maybe something has happened in the “Legal” side of things since or maybe the people over here where MS “Certified” and didn’t know/want to talk Linux.

          Either way the silence was deafening when I asked could their software run on a Unix/Linux platform.

          Col

        • #2667530

          Probably becaus ethey were scared

          by oz_media ·

          In reply to Well that was about 2 months ago

          …to answer as things were still in development stages. They have been testing Linux on IBM and HP for abuot 18 months now and are just now releasing it. Now just think if this was MS, they would have just said SURE!!! What’s your credit card number, we’ll MAKE it work. A year later when guinea pig Colin has puled all his hair out, they simply release a bunch of patches and sell some more. I don’t like being a beta tester without knowing it.

        • #2667536

          Compaq EVO’s

          by oz_media ·

          In reply to Funny

          I actually have a Compaq EVO D500 in my workshop for doing some CNC work and it’s one of my fav’s around the house.

          It did come with a CDROM, but the OS was a partitioned file for easy reinstall after reformat. They send me a set of disks too in less than 48 Hours for free when I asked for them.

          The one thing I love about OEM’s is that you have one stop shopping for drivers. With the exception of my graphics card, almost all my hardware is stock, the BIOS updates are a piece of cake and ALL other updates are on he same page, very quick and easy. Same with my Thinkpad, Hit F11 during boot, wait about 45 minutes and EVERYTHING is reformatted, resinstalled and even updated automatically via thier site. I’ve done a reformat on my way to the ferry, just let it run while I’m driving to the ferry and it’s all ready and up to date by the time the ferry gets docked on the Vancouver side.

          I save my additional hardware on a separate partition so it is a quick recovery to be excatly where I left off, with a fresh system.

          I was quite disappointed when Compaq and HP merged, I really don’t care for HP at all. It’s nice to see however that Compaqw is still kept quite independant of HP aklthough they share the same webspace, the old Compaq formatted site is still running for now.

          Now if I want a clean PC with NO OS, my vendor will also provide ANY of the Compaq, IBM or HP models OS free, but then I just have to buy a license anyway. In the case of using Linux, that comes in the box now too, they usually come with several OS choices and during initial setup, you choose your OS to be installed, it sets itself up and then deletes the others from the partition.

          My EVO came with a choice of Win98SE, Win2KPro, WinXPPro (now it would come with Linux also). Do I need to say I chose 2K?

          OM

        • #2667356

          Dell’s are custom built

          by sedge ·

          In reply to Firstly OZ you live in the wrong place

          Col,

          Just an FYI. Dell will custom their computers to whatever specifications the customer wants. How they can be so big and still do that, I don’t know, but they do. I’ve found them to be wonderful people to work with. They really do try to work with the customer.

        • #2667309

          Yes I know that but

          by hal 9000 ·

          In reply to Dell’s are custom built

          It is true if you only buy from Dell. When they are sold through chain stores like they are over here you only have the option of what is on the shelf and not what you actually might want.

          Now granted I would never consider buying any computer from a place like that but so very many do particularly LT’s as they are considered as nothing more than a necessary accessory to most business people who want something fast and now not in a weeks time.

          Even a lot of small business buy from these places because they think they are getting a better deal which if only price was to be the main yard stick with which to measure they would probably be getting a good deal but all to often I’ve seen these places sell computers which at best are so far below standard it’s not funny and at the other end of the spectrum I’ve seen one company shell out over $20,000.00 for 6 computers and a hard wired network with a net connection. Now this consisted of a ADSL modem connected to a hub and then through wires to every computer. The face plates where not even fitted to the outlets and no network was established they thought that a network required them to e-mail stuff between workstations. Every unit came with XP Home and no software at all. The guy who was wiring the place finished off getting everything working and then walked out the door saying “I’ll be back.”

          Well a little over 10 weeks latter when he had not returned or called I was called in to fit a DVD drive I was horrified at what I found and a 15 minute job ended up turning into a 4 weeks of full time work setting everything up and installing the software that they really needed as well as dumping every copy of home in favor of Professional. Then there was the Compaq sold with 2 monitors which was ordered specifically but no means of fitting the second monitor.

          What I’m trying to get at here is that while these things can be configured as required by the end user if bought directly from places like Dell more often than not they are not bought from these places because of time constraints and price.

          I will not even mention the Server that I quoted on and was asked why my computer was over $45.000.00 with all their specialized software when they could go out and buy a computer for $995.00. Well they approached the company who was advertising the computer who add they showed me and using my quote got a better price for less of a computer and no software other than Microsoft the company had to buy the specialized stuff that they needed but what tore this one was the server died within two weeks and the people who made it claimed that it had suffered a “lighting strike.” Well as every other computer in the place didn’t work either that looked like a sensible conclusion except for the fact that we had no thunder storms or lighting for months previously so their insurance company sent it to me for a report, at this stage I didn’t know who owned the computer only that a insurance company wanted a second opinion. When I pulled the cover it did look like a lighting strike but on closer inspection I found mains power coming out of the 200W unbranded power supply. Needless to say 240 V AC tends to do a little bit of damage to the system particularly the 1.5 V DC logic circuits and the network as well because 240 V AC going out over the CAT 5 cabling doesn’t do much good to things connected to it either.

          I was then requested to attend the place where this server was supposed to live which was the company who I had given a quote to previously, when I found this out I tried to drop the job as I had a conflict of interests on my hands quite unknown to me previously. But as I didn’t actually supply anything to this company the insurance company who considered me as their preferred repairer would have none of this and insisted that I perform a full diagnostic and give them a full report on the damages sustained and its possible cause.

          For the last 3 weeks I’ve been sitting outside a court waiting to give evidence against the company who provided the computer which killed everything computer related in the building. While this is not my preferred method of doing business it is an unfortunate necessity and something that I just have to live with though I’d gladly change places with some one else in cases like this.

          Col

      • #2667239

        I agree

        by w2ktechman ·

        In reply to Of course not

        First I think that it should be a choice that can be disabled, if nothing else it should prompt for a patch with the ability to say no. Many times I have seen patches run, and then blue screens or other problems follow. I do think that it is not a totally bad idea, but there are literally thousands of system configurations, and 1 patch fits all doesnt work well.
        My veiwpoint is that if you want to install it, a prompt is good, but any feature like that should be easily disabled without a novice looking through hundreds of MS docs online.

    • #2694624

      In answer to your question

      by hal 9000 ·

      In reply to Should M$ force security patching?

      NO!

      While I do understand exactly it might be a good idea on paper Microsoft just lacks the means to service this option as they will never have enough bandwidth or Internet access for this option to be a viable option. Maybe for the business community where the computers are left running 24/7 it just might work but then again any System Admin will stop this from happening until he/she has at the very least tested the patches involved to make sure that they don’t do more harm than good.

      But can you even imange what would happen f every home user in a particular time zone was to attempt to access the update service at the same time? If this was a preset action there would be such a large DOS attack on the Microsoft update sites that it would make “Slammer” look like something that was a desired event. While it sounds like a good idea the practicalities are a different matter which Microsoft couldn’t hope to master in any time frame as they just lack the infrastructure to service this demand.

      But it could leed to a “Pay for Service” update service provided by Microsoft as the company couldn’t help to ever have enough bandwidth available to even come close to filling the demand, but if there was a user pays system in place a lot of the updates would not be applied by most home users and there would be a need to have credit card details permanently entered into the home computer or a Microsoft database which could then allow a priority allowed to individual users. Remember Mr Gates proposed option was to only have dumb terminals in every environment and then have the end user log onto the net to obtain the applications that they needed to perform their desired work of fun depending on who exactly was using the system. While it sounds like a great idea from Microsoft’s point of view the reality of the situation is however completely different as Microsoft could never hope to have the capacity available to service this market world wide no matter how cheap the service may be and while Microsoft has a large percentage of the PC market they certainly don’t supply every bit of software in the available ranges for instance Microsoft has no accounting packages so unless MS was to form allincences with these companies where they do not already have an existing product there would be no way possible that these packages could ever be considered as a viable alternative and that is without even considering the security angle.

      Col

      • #2694620

        DDoS happens everytime there is a new flaw discovered

        by pgm554 ·

        In reply to In answer to your question

        Depending upon the time of day you hit the M$ site,this happens now.

        I needed the SP3 admin pack for OFFICE/XP.I hit the update site and was getting 9 k download speeds.(2 different ISP and 2 different sites).

        So we are getting bandwidth issues now.

        As for M$ not having accounting packages,they own: Great Plains,Navision and Solomon IV.

        • #2667535

          Well then

          by hal 9000 ·

          In reply to DDoS happens everytime there is a new flaw discovered

          They are just not sold this side of the pond so I would guess without seeing then that they are just not world wide compatible.

          Hardly a good advertising point from MS is it?

          Col

        • #2667425

          Navision

          by pgm554 ·

          In reply to Well then

          Navision is a Denmark based accounting package that M$ bought a year or two ago to get a foothold in Europe.
          Navision is a big player over there from what I understand.

        • #2667421

          Well I’m in AU

          by hal 9000 ·

          In reply to Navision

          And there is absolutely no accounting packages sold by Microsoft here or at least I should say there are none that appear in their price lists.

          It is probably because of our screwy Tax System that this happens.

          Col

        • #2667410

          Navision

          by andymck ·

          In reply to Navision

          We *had* it. We now use Sage. 🙂

        • #2667355

          Great Plains

          by boomslang ·

          In reply to Navision

          Hmm… Sounds like our local lumber company who used to have Great Plains… and now has Sage… Something in common here.

      • #2667409

        Re: DDOS

        by andymck ·

        In reply to In answer to your question

        This is actually a very good point. Maybe Microsoft will release all security patches through Kazaa?

      • #2667368

        beware

        by carrboyd ·

        In reply to In answer to your question

        you have a computer set up the way you want it ,you or some one adds some microsoft programme and it alters all your settings,examine their track record they buyout or bankrupt any serious opposition and also disrupt any attempt to bring in standards .then we have microsoft/intel/palladium looming so you will not have control of the pc you paid for

        • #2667302

          I can remember one recent MS Patch

          by hal 9000 ·

          In reply to beware

          Which removed every SCSI HDD, every external drive and the network connection. But at least the one IDE boot drive was still there even though there where so many error messages about programs/HDD’s no longer being available it really wasn’t worth booting the unit. Roll back didn’t work and the only fix was to reinstall everything.

          That is exactly why I always test any patch on a test bed before applying it to the network.

          God what a mess that would have been if automatically applied to every computer on the networks that I consult for. We wouldn’t have stopped work for months and then we would have had to work 24/7 just to get everything up and running again.

          But that is in business not home where the average home user doesn’t actually use the computer for anything other than games as it is considered as nothing more than a very advanced play station that is fun to use. In a case like that the few bad patches put out by Microsoft would cause minimal problems compared to the problems caused by all the unpatched computers on the net right now that are constantly spreading infections and spam.

          Col

    • #2667448

      Switch to *nix

      by mrafrohead ·

      In reply to Should M$ force security patching?

      then you won’t have to worry about the problem…

    • #2667412

      No Way

      by davep89 ·

      In reply to Should M$ force security patching?

      I have a basic problem with anyone or anything trying to force changes onto anybody. This is not because of any left-leaning philosophy of life but because patches are historically not 100%reliable, the central body doing the forcing could never be sure there wasn’t good reasons why the patches shouldn’t be applied to a particular machine at a particular time, and I’m sure there are lots of other reasons! Basically, I don’t think its clever for any single body to force code modification on to any other body in this context.

      However, I would have no problem with ISPs/remote sites interrogating a PC for patch level, and not allowing that machine to connect if it is a security risk. Maybe there is a new online product here? A site that provides this service to ISPs or other sites and then produces a blacklist of IP addresses that aren’t properly protected!

      • #2667299

        Just one question here

        by hal 9000 ·

        In reply to No Way

        If the unpatched units where blacklisted and prevented from using the net how would you then be able to get the patches so they could surf the net again?

        Remember the original poster was talking about “Home” computers.

        Col

    • #2667411

      No automatic updating thank-you

      by justanothertechie ·

      In reply to Should M$ force security patching?

      I’m surprised that Microsoft would seriously consider this – and doubt wether they actually are considering it – perhaps this is a highly charged reaction to a rumour?

      I’m sure MS understands the principle that comes into effect when you take away people’s choice to harm themselves – you become responsible for the harm they fall into that you might have been able to prevent if.. Governments deal with this issue all the time…

      • #2667376

        hmmm…

        by datamordechai ·

        In reply to No automatic updating thank-you

        That’s a good thought. Perhaps your right. But MS is known for preventing Piracy of there software. That is the only reason I could think of that they would do this. And of course, I don’t blame them. But who’s to say they wouldn’t do this as an ultimate method of preventing it. I’m willing to bet that if they do this, they would release an enterprise edition of the software that would allow IT to test the patches before implementation. But on the other hand how much control does a software company really need and how much should they be allowed to have? This alone is terribly controversial. But I agree with you, I hope it’s just a rumor.

    • #2667408

      poor dialup users

      by leyther ·

      In reply to Should M$ force security patching?

      What about those pour souls on dial up? Are they going to be forced to be online for hours on end to sate the need of MS?

      Isnt it a bit rich of microsoft to start blaming the end user for the fact that their product is riddled with security issues? How about putting out a finished, secure, reliable product first.

      This is a knee-jerk reaction that has only come to light since the ms servers started to get hit by the virus writers. Before that happened they were pretty quiet on the security front.

      I dont want to be forced to patch my machine, which is up-to-date, is virus and firewall protected. I still get frustrated when my machine ‘decides’ to contact the windows update site automatically on connecting to the internet every now and then to see if there are any updates i havent got (this is not to do with the auto-update feature which is turned off).

      And if MS is so serious about security for the end user then they wouldnt have stopped the patches being available on magazine cover discs.

      And finally, who’s to say what is or is not a critical update? I know what i want on my computer, and i wouldnt want that control taken away by anyone.

    • #2667407

      Should M$ force security patching?

      by jackster@oz ·

      In reply to Should M$ force security patching?

      I think that users still have a right to choose. That said, I have spent many hours helping family and friends repair their unpatched machines. Part of the blame though falls on Microsoft too. Their refusal to allow PC magazines to distribute their patches is adding to the pain. Many people in Australia still only have dial up so downloading magebytes of patches is time consuming and frustrating. Finally, computer stores should be offering PCs which include a Firewall/AntiVirus package with a 12 month subscription not just a 3 month demo.

      • #2667405

        ARGH, I hope not

        by james lowe ·

        In reply to Should M$ force security patching?

        Doing sight support, I’vee seen a lot of users do a lot of stupid things, like saying “yes” a and “always trust” to anything a that popsup on their computer from any web sight or email.

        I can’t count the number of boxes I have had to blow up and reload because of this.

        Add to that the number of “lab tested” patches that yes work great in a lab where the lab keepers can control the quality, activity and everything else about the boxes, and as soon as they deploy to production they start killing boxes left and right.

        No, force feeding pathes is a bad idea. Adding patches that don’t apply to problems you are having is risky, acctually applting patches you need is risky enough.

      • #2667295

        At least be glad of the Demo

        by hal 9000 ·

        In reply to Should M$ force security patching?

        As it is only installed because it came with the M’Board without that there would be nothing at all in the form of protection.

        Maybe we should attempt to pressure the M’Board makers to supply real software instead of the crippled demo’s they would still get a massive discount and the cost would be added to the M’Board.

        Col

    • #2667403

      Keeping us in business?

      by matrixcsl ·

      In reply to Should M$ force security patching?

      Many home users and small business users don’t even know what a patch is, therefore, auto updates etc MUST be a good thing for them, saving them the cost of calling out IT firms such as mine.

      Speaking from an IT ompany Managing Director though, without such users in peril my business would be severely affected in terms of call-outs in income. So my vote is definately “no not a good idea to force patches etc”.

    • #2667400

      Should MS Force Security Patching

      by vijaychandran ·

      In reply to Should M$ force security patching?

      Remember the virus which affected all Win 2k and Win XP machines through the update port ? Now everyone will be clear whether a forced update, a security update or anything else, will only put your machine in more danger.

    • #2667399

      NOT!

      by salsatech ·

      In reply to Should M$ force security patching?

      I deal with home users on a daily basis and I agree that many tend to disregard most if not all of the common sense proceedures that we “professionals” take for granted.

      Security patches, A/V, firewalls, download control, spyware/adware scans, the list goes on. Why can’t the home user get it right? Some of us will say that the user is an idiot, others might say they simply disregard all of the industry safeguards and still others will say that the users are simply not educated in the ways of the online world. I think that perhaps it is a combination of these issues.

      I try very hard to not only troubleshoot and repair problems but also to educate. I teach them the basics of online security, the values of patching, of using A/V and a solid firewall. I rant about the evils of downloading freeware and not scanning it. Does all of this information sink in? Not always. But now and then some of these folks actually get it and put the information to use. These are the folks that I rarely need to visit again except to do hardware/network upgrades etc.

      The majority of the folks who don’t get it are too busy with their lives to worry about the details. They don’t have time or the inclination to learn the in’s and out’s of patching, online security, etc. They use the PC like they use the TV…and when it breaks, call the “repairman” or buy a new one. A knee-jerk reaction to this is might be to force patch their boxes.

      But will forced patching work? I don’t really think so. It is so typical of our profession to treat he symptoms rather than the cause. The problems will not start to go away until the home user understands the basics. Period. For every MS patch there is an MS exploit, if not two or three. MS gets whacked because they are the big target. And they are the big target because all of our dear users want it. Give it time folks and we will see our beloved ‘nix flavors getting whacked too. It is only a matter of time.

      I don’t think the answer is in the code as much as it is in the habits of the user. Secure code? Sure, that would be nice. Combine that with educated users and you might see things start to change. But don’t hold your breath.

      Peace

      • #2667290

        The problem here though

        by hal 9000 ·

        In reply to NOT!

        Is that their bad habits give you a bad name as most home users will not accept that they messed it up and will blame the repairer for their problems. As you say to many of us have too much to do in to little time and for most home users an auto update would save them lots of problems even though it might introduce a few as well.If Microsoft was to improve their scanning before recommending updates/patches that may reduce the problem drastically but it will never completely cut it out.

        I suppose that the problem here is that if you repair a computer and it fails soon afterwards because of an issue with a Microsoft product what’s more likely to happen the customer brings it back, takes it elsewhere to get it fixed or trades it in on something new?

        If it is the first or second option they will tell everyone that they know just how bad a job so and so did and how they where ripped off by them, also if the second option is the only one used eventually they will run out of paces to take the unit to for repairs and long before then they will firmly believe that every computer repairer is a thief who is only out to take as much money as possible from them.

        Granted I’m no great fan of auto updates but I’m also no fan of seeing my job get any harder than it currently is.

        Col

    • #2667398

      3rd Parties should NOT force changes.

      by register1 ·

      In reply to Should M$ force security patching?

      No matter how well intentioned, 3rd parties should NOT force changes in any one else’s environment. If we professionals protect our systems and our employeer’s as we are charged, the home user’s quagmire is just that – the home user’s. If you don’t want to clean up your friends machines anymore, explain it to him, don’t wimp out and ask some one to MAKE him do it right. We are not children, we should run to Mama Microsoft saying “He didn’t clean his room, make him clean his room”!

    • #2667397

      Microsoft needs to deal with bandwidth constraints

      by lcarliner9 ·

      In reply to Should M$ force security patching?

      Many users are caught in the backwaters of the “Information Sugarsand”, stuck not only with no viable broadband options, but with half-speed phone lines (like 28.8KB or less!). At this speed, it is essentially impossible to successfully download the mandatory patches!

      M$ needs to use some of its huge foundation monies to support advocacy and lobbying groups before the various state public service commissions (like in Florida) that allows phone companies to continue to raise rates to record levels, but turns its face and heels on the plight of these users stuck with these lines and no recource (like demanding for the sake of Homeland securities) that the outdated equipment be replaced that constrains phone line speed!

      In the meantime, M$ needs to contribute to homeland security by having teams at local libraries and city halls that will update the computers as they are brought in on the spot. Each and every interconnected unpatched computer is a danger to the public at large!

    • #2667395

      I don’t think so

      by hhe ·

      In reply to Should M$ force security patching?

      Might well be that the enforced application of security patches would result in healthier “average user” computer systems.

      In a professionally used and maintained computer environment I’d be very uncomfortable with the idea of giving MS the means to install what ever they want when they want.

      I don’t insinuate MS of potentially misusing such an open door (I’d not absolute exclude it either). But, MS, in the past has not proven to be a reliable software developer focused on quality and security. It would be negligent to install everything MS spreads; and most certainly would – as in the past – result in unstable and rather unsecure systems.

      Therefore, I simply will not allow MS to install any patches without having the chance to test them in advance and to autonomously decide whether I’ll apply a (security) patch or whether I’ll prefer to wait for the patch of a patch … of a patch. I’ll find ways to insist on that!

      Hans

    • #2667394

      Nope!

      by pvp ·

      In reply to Should M$ force security patching?

      I want nothing updated on my systems where I don’t know the update occurred! My AV and FW software have scheduled updates; anything else is on either “notify me of new but don’t install” or “if it ain’t broke…”

      As for fixing “friends’ home systems,” I have no such friends. 🙂 If yakking over the back fence doesn’t help, I’ll quote them outrageous consulting rates. Have to save my last shred of sanity.

    • #2667389

      Corporate vs. Home Environment

      by tsdrew ·

      In reply to Should M$ force security patching?

      I recognize that a lot of discussion and even planning is going into making “home” PC’s safer, more reliable and trouble free. From the corporate perspective, DOS attacks, virus/malware spread, etc. is perpetuated by unattended machines. Some of the comments highlight the careless assumptions that untrained end-users have about Internet surfing and program installations. I don’t foresee any short-term answer for this user set, aside from offering auto-updating, but have to wonder where the cost-liability falls for having this occur and, and who is then responsible if something goes wrong – programs stop functioning, driver mis-match, etc.

      Maybe I’m “old-school”, but in a corporate environment, I want patches tested before distributing or recommending them. Changes in RPC handling, opened ports, altered client authentications – all add up to lots of time fixing or tracking down problems. Like some have said, it keeps us busy and employed. There are risks associated with business and technology that must be managed.

      If it is up to me at our company, however, and “forced” updates come down the pike, I’ll lock the gateway to the network, and make my own admin installs of the patches. Our software development group keeps a good handle on Micorsoft OS relationships, but Microsoft’s priorities do not appear to include long-lasting support for earlier OS versions. Far too many client machines out there are going to be some legacy configuration, and server updates in combination with some auto-upgrade could mean we spend half our time surfing Tech-Net and the Micro-Knowledge base for some explanation of the latest conundrum while user productivity tanks.

      Identified virus’ patches are created within hours of being found. I would rather teach safe-computing practices in-house and provide sound domain policies, than send someone out to reinstall a manufacturer driver set after another “auto-update victim” installs a Microsoft driver for a new or legacy piece of hardware.

      Home users could certainly use some help when it comes to updating their OS. Many, if not most, couldn’t provide an informed answer to the questions asked when installing a patch, or answering a security question. My experience suggests that most hit the Enter and Space Bar keys as rapidly as humanly possible until messages stop showing on the screen. I don’t know the percentages, but a large volume are on dial-up and don’t have the patience to download a 130Mb service pack across a 24-42KB average connection. I don’t believe auto-updates will provide the relief admins are after for healthy corporate computer environments, until world-wide user bandwidth is addressed. With global connectivity as part of the formula, OS patching has a long way to go to provide a total solution.

      • #2667288

        I would go further

        by hal 9000 ·

        In reply to Corporate vs. Home Environment

        And say most home users couldn’t tell you what a “Cookie” was let alone how to run an AV product if it isn’t an auto scan on a regular basis.

        It is these people who would benefit for the security updates being auto applied but I’d want to see better scanning before any patches are recommended let alone installed on any home computer. Naturally business is different and that is what most people here are getting away from as they work in the industry they expect every one to at least know what we consider as a minimum basic level of security which is not the case with the average home user as most of them know nothing more than what the salesman told them.

        Col

    • #2667383

      Re: M$ force security patching?

      by nicholasdonovan ·

      In reply to Should M$ force security patching?

      Sure it’s a good idea only if Microsoft wants to take responsibility should their code break something in the users enterprise.

      As it is now, Microsoft is beholden to no one and when you install, you’ve signed your life away.

      Why should their patches be any different I guess?

      Nick

    • #2667382

      What a bad idea…

      by datamordechai ·

      In reply to Should M$ force security patching?

      First of all, I understand that the end user can be a bit of a pain at times. However, to me, they are Job Security. Ok, so little Tommy downloads some junk software/spyware, that becomes next to impossible to get rid of. Maybe the parents will learn once they have to pay me a few times to fix there machines. Secondly, I really don’t want MS telling me what patches to install without me testing them first. Mostly because I had to repair all of our workstations when MS came out with that first Security patch that supposedly fixed the gaping security hole in XP that the FBI had discovered. Wow, have we forgotton that already? Also, give them this control, and we all know what will happen. Soon they’ll be able to get very personal information off of your system for “security reason.”

      • #2667286

        What makes you think

        by hal 9000 ·

        In reply to What a bad idea…

        That they can not do that now?

        After all do you know exactly is sent to M$ when a fault happens?

        Granted most IT people will not allow this to be sent but we are talking about home users here not business users there is a radical difference.

        Col

    • #2667378

      Understanding problems

      by mkdsbunnell ·

      In reply to Should M$ force security patching?

      I understand the fear of MS big brother concerns but? I recently worked on a relative?s system that has been experiencing problems (like startup and shut down troubles) I asked if they had been updating their system with the MS updates and they gave me the deer in the headlight look. The system was unable to upload the security updates or except any anti-virus programs. Before I was hesitant of some of MS security patches but now I believe that the security patches and a few of the other recommended only updates should be automatic

    • #2667373

      Me too!

      by network_analyst ·

      In reply to Should M$ force security patching?

      I just spent two days salvaging my data after a security patch was installed on my machine. It shut down my firewall, made my WEB Browser completely dysfunctional, and wouldn’t allow my Norton’s Anti-Virus to complete its “refreshing” as well as a full system scan. Naturally, I couldn’t get any help from the vendor and kept being led toward these oblique WEB locations where vague recommendations did little to help me. I finally gave up and just rebuilt my operating system reloading all my software again. When I finally got my Norton’s working again, it found 16 viruses on my computer and my Aluria Spyware located 256 spawns!

      I don’t care WHAT the industry wants, an operating system that you PAY for shouldn’t allow everyone and their aunts and uncles to access your computer and pig it up with spyware, viruses, and worms. And, it sure shouldn’t shut down the software you have to buy to protect your system! No wonder LINUX is gaining ground.

      • #2667366

        I agree

        by datamordechai ·

        In reply to Me too!

        As long as things like this keep happening, Linux does start to look better and better.

    • #2667365

      Not necessarily a good idea.

      by l0ngjohns ·

      In reply to Should M$ force security patching?

      For home users, I see it being somewhat a good idea. There are still a lot of users out there that just leave their PCs open for the world to see. Furthermore, those same users are not involved in the tech field enough to know the different protections available to them including downloading patches.

      For business however, it’s not a good idea. We all know that the intent of patches is to protect the system but there are still possibilities that the patch will bring down a production system. That’s why configuration mgmt is important. Not just blindly installing a patch (or anything for that matter) is the best precaution for business, organizations, and the govt.

    • #2667364

      Always assuming the devil …

      by kaceyr ·

      In reply to Should M$ force security patching?

      After reading the majority of the posts I’ve come to the conclusion that there is very little understanding of the home user within the professional community.

      Much of the posts simply tout the superiority of Novell and Linux and declare Microsoft as the absolute evil.

      For those who feel that anything is better than Windows, I ask you: If the home user isn’t any good at keeping their Windows system up to date, what on this earth makes you believe that they’d do any better with Novell or Linux?

      The anti Microsoft camp always likes to point out how buggy Windows is and how many virii are out there that target Windows. Get a clue. Microsoft has the largest portion of the desktop market. That makes Windows the target of choice for anyone trying to cause a problem.

      I agree completely that Microsoft has several issues that need to be worked out for their plan to work, but I also feel that it’s the right direction to go.

      The corporate folks understand that if a single computer in their environment initiates some form of attack to the internal network, the impact will be widespread unless EACH workstation has been protected. To that end they test the security patches, keep anti-virus software up to date, and monitor their network traffic.

      Unfortunately, the corporate folks also think that everything that Microsoft says or does is targeted to them. This is simple arrogance. The reality is that Microsoft realizes that any one computer with connectivity to any others has the potential of wreaking havok. To that end they are trying to put together a plan that will protect the bulk of the “uncontrolled” users whether those users are in a corporate or a home environment.

      If you believe that this plan is a bad one then perhaps you’ll change your mind when you discover that the DOS attack on your neighbors broadband system is originating with your own childs home computer.

    • #2667362

      How would MS force them?

      by moonchildokc ·

      In reply to Should M$ force security patching?

      Obviously emailing the patch to the users with a message “download now” won’t work, as there are tons of these messages floating around now masquerading as MS patches that in actuality contain worms. I think it is best to leave it as it is. If you want the patches, go to MS’s site and download them so you know what you are getting. Yeah, most home users don’t know they are suppose to do these updates. I think education and reminders (as in the XP edition) that pop up and say “download me” are still the best bet.

      • #2667282

        To answer your question

        by hal 9000 ·

        In reply to How would MS force them?

        In XP there are several options one being not to do anything, the next to to notify you when there are patches available, then there is the option to download the patch and ask you to install it and lastly there is the option of downloading the patch and installing it without asking.

        Most people here would never dream of allowing the last of these to ever be considered on their networks but here we are supposed to be talking about “HOME” computers which most people have absolutely no idea about so if a new Service Pack or version of Windows only had the last option there would be no questions asked as it would just happen.

        Col

    • #2667357

      Force the updates

      by tglessner ·

      In reply to Should M$ force security patching?

      First of all, Microsoft has to come up with a better way to deploy the security patches. We use a SUS server which works great for windows updates, but there has to be a better way to deploy Office patches than through login scripts. Microsoft says that the new version of SUS will deploy office patches as well, but what to do until then? Microsoft should make it simple and automatic to do security updates. They should be forced. That’s my 2 cents.

    • #2667345

      Finincial Responsibility?

      by nospam ·

      In reply to Should M$ force security patching?

      As long as M$ is willing to take on the finincial responsibility associated with forcing a patch to a functional server that in turn takes that server down; go for it. However, I think we all know the answer to that question.

      • #2667280

        If Microsoft was willing

        by hal 9000 ·

        In reply to Finincial Responsibility?

        To take the financial responsibility for any flaws in their code we would still have DOS as the only PC operating system and even then not DOS of the Microsoft variety.

        Microsoft is not willing to take financial responsibility for their leaking software now what makes you think that they would be willing to accept it if they forced patches to be applied?

        Remember every Microsoft product is “Install at your own risk!”

        Col

    • #2667338

      I agree

      by martyb ·

      In reply to Should M$ force security patching?

      I agree with PGM554, since I’ve had similar experiences with clients, friends and relatives. The last place I went had 35 undownlaoded MS updates, and as we all know those patch security holes. The average public needs help. Maybe auto-patching could be left open as an option or set up in a “home” version for the general public, and optional in a “professional” version.

    • #2667332

      Not in a perfect society

      by dracowiz ·

      In reply to Should M$ force security patching?

      When Microsoft can be sued for failure to secure, then by all means they should force the updates — as far as security is concerned. If the updates reduce functionality or change basic mechanics without regard for security then those aspects should be at user or system administrator descretion.
      But yes to Security

      • #2667277

        In a Perfect Society

        by hal 9000 ·

        In reply to Not in a perfect society

        This would not be an issue as Windows would work as it is claimed with no undocumented features.

        Col

    • #2667325

      Absolutely Not !

      by p.evin ·

      In reply to Should M$ force security patching?

      There are patches that get put out there as buggy, not to mention slow it down.

      If they enforce it, I will switch my operating system.

    • #2667323

      Absolutely Not !

      by p.evin ·

      In reply to Should M$ force security patching?

      I am also an IT professional and some of the patches that are released are as buggy and the host PC. I would rather rebuild it if it came to that.

      If they start to enforce patches, I will switch my operating system.

    • #2667321

      If you have no life, then YES patch away

      by ken lillemo ·

      In reply to Should M$ force security patching?

      I think that automatic patching should be the default setting. This will address the bulk of the home users.

      However, we should be able to turn this off for areas where configuration management is a primary concern. Many process control systems and servers require a system certification.

      In a process control environment, system certification is used to ensure that production processes run the same from day to day. How would you like to fly in an aircraft constructed by processes that were not well controlled?

      In the case of servers, configuration management is important to avoid interfering with a variety of data transactions. The realm of possible transactions makes it impossible for Microsoft to know what to test before rolling out a patch.

      If you live to work, then go ahead and let MS patches through unverified. If you have a life outside IT, then keep control of your processes so you can be free to enjoy life outside the prairie dog warren. Note one other factor, automatic patching by Microsoft can be MEGA job security.

      • #2667315

        Absolutely impossible

        by oz_media ·

        In reply to If you have no life, then YES patch away

        MS patches are famous for causing more problems than they fix. Having end users autopatch is going to create a massive problem with thier PC’s.

        I will be called out for stupid patch removal jobs everyday just because MS had forced a patch that doesn’t work. If ANYTHING, this could be used for experienced users who can fix their own PC’s but anyone with experience would never trust a MS autoupdate.

        Would you let Ford perform routine maintenance on you car without your prior consent and if the work actually damaged you car YOU were responsible for paying to have it fixed? Of course you wouldn’t.

        How many people would be trying to sue ms if they got a bad patch and had to pay $80-$150/hr to repair it?

        There’s no WAY in hell that MS woud make such a stupid business move, it would be thier end I’m sure. Who is going to buy a MS OS? They are already seeing alternatives to the os now that are just as functional and easy to use as Windows without the headaches and security issues. I don’t think they would continue to purposely push people away by screwing up thier PC’s more than they are already. Once the horror stories and law suits begin, who’s going to buy MS? WHo’s going to upgrade to the new OS if thier current OS doesn’t auto patch? My guess, MS employees and nobody else.

        Lets see, you buy a new service contract, the tech comes by and patches your system and it starts having problems, your browser doesn’t work, it crashes etc. You call the tech and he wont come and repair it for free but suggests that you call BCD computers and pay them to fix it. A month later the first tech comes by again and wants to patch your PC again, you are under contract and he’s the’patch guy’ so he goes at it again, your computer gets screwed up and you are forced to pay another BCD tech to rebuild it.
        A month later the first tech turns up (the patcher), will you be letting him patch your system?

        This just doesn’t work, it is a ridiculous theory to begin with.

    • #2667320

      Absolutely Not!

      by misdude ·

      In reply to Should M$ force security patching?

      There is no way that I would ever install, or endorse the installation of, ANY Microsoft product that automatically downloads and/or installs their so-called security patches. As an IT professional, I routinely disable the ‘Automatic Update’ features of Win2k and WinXP, to save myself hours of headaches & repairs.

      First and foremost, I have yet to discover an MS patch that effectively blocks spybots, trojans and the like. The ONLY truly effective way to guard against these types of attacks is to stay off of the internet entirely. I have experienced hundreds of sites (including so-called Christian sites) that routinely install ‘bots onto the end-user PC without their knowledge, and a great many of these programs are specifically designed NOT to be easily un-installed. The same is true of modern computer viruses. All of the experts agree that the best way to guard against becoming a victim of a virus attack is to be smart about your browsing & e-mail habits – avoid potential problems before they occur.

      Secondly, I can’t tell you how many times I have installed a MS ‘Security Patch’ onto a server or workstation, only to discover that the patch is defective & it ‘breaks’ more than it ‘fixes’. I spent over three hours one night trying to figure out why the RAS service on my NT e-mail server failed to start after installing several patches & rebooting the server. A search of the Microsoft web site found no answer, even though it was impossible for them not to know that the patch was defective. Luckily, I hit upon a user group where several users had experienced the exact same problem, and had graciously posted which MS patches had to be de-installed to resolve the problem.

      I spend well over eight hours a day teaching end-users how to use the scroll button on their mouse, how to create distribution lists in their e-mail program, and how to apply formatting to their Excel spreadsheets. Typically, I spend much less time actually completing the ‘mission critical’ aspects of my responsibilities, due to all of the ‘little fires’ I’m putting out all day long. The last thing I need to for Microsoft to force-feed defective software & patches onto my systems so that I have to research, de-bug and repair what they have broken – there simply aren’t enough hours in a day for that!

      As for the concept of forced patches for home users, when did our society degrade to the point that people are no longer to be held responsible for their actions? Rather than Microsoft forcing updates to home PCs, they should make an effort to educate the home users in effective countermeasures to guard against virus & spybot attacks. What a novel concept – educate the end-user!

      • #2667275

        But if

        by hal 9000 ·

        In reply to Absolutely Not!

        Microsoft had even half way decent code in the first place this just would not be an issue. All these security patches and I’m only talking about the security patches and not the recommended or driver updates plug holes that are in the system that should never have been allowed to be there in the first place.

        Maybe if Microsoft had bullet proof code in the first place you would not be spending so much time putting out all those little fires as they just wouldn’t happen in the first place because the OS wouldn’t allow the end user to mess up the system.

        Col

    • #2667318

      Require patching

      by terrybs ·

      In reply to Should M$ force security patching?

      I agree with pgm554. I have also, in recent weeks,spent time cleaning up computers of individuals who do not keep various patchs and virus checking software up to date one system had 182 corrupt files.

      • #2667314

        You really think auto payching is the answer?

        by oz_media ·

        In reply to Require patching

        It is not possible, the theory woldn’t hold up for too many reasons.

        email list unmanagelable
        lawsuits
        retails sales losses

        For examples see the post ‘absolutely impossible’ the entire concept is insane, not to mention practically impossible.

        If that’s the case, who the hell is gonna buy Longhorn? The same dummies that screw up their PC’s no matter what is installed.

    • #2667313

      mm..No! I would like a choice!

      by celloman ·

      In reply to Should M$ force security patching?

      If some new user has NO idea of what they are doing with a PC, a.k.a. children having the run of a system with clueless parents, then force away.
      However, for us pro’s out here, knowing about buggy software, etc., WE want the choice to update or not. No ‘Professional’ I know of immediately accepts MS stuff, we wait for a time and let reports come out about the update(s). Norton, McAfee, Zonealarm products I trust and update immediately, but MSoft? ha! Microsoft’s been using the unaware public for years now, instead of in-house testing on both Alpha and Beta levels, then sending out to pro’s who would like to further test their software on their own systems and sending back their own reports for final testing in-house again — MS just lets the public at large do this for them. Force u say? Are you people crazy now?

      • #2667272

        Actually it is no more crazy

        by hal 9000 ·

        In reply to mm..No! I would like a choice!

        Than allowing the product to be sold in the first place before at least 2 – 3 Service Packs have been produced.

        What Microsoft is effectively doing is having a lot of Beta testers who pay for the privilege and then pay again when they have problems. It is from all of these “reported” problems that Microsoft learn what to make as Service Packs or patches/hot-fixes. When you think of it that way it makes some kind of sense and is no worse than being first off the rank to install new OS’s and software just because it has been released.

        Remember the lines that formed in front of shops when 98 was released?

        Col

    • #2667311

      forced patching

      by bywhatnow ·

      In reply to Should M$ force security patching?

      I’m with you on the forced patching. I own a small computer store/repair shop. While it appals me to think that I would be forced to give anyone that much control over my system, I see the results every day of un patched systems. I am just not sure that Microsoft forcing patches alone can fix most of these problems. I see every day machines with good “name brand” anti virus software loaded and thier machine is full of virus’ and mal ware and spy ware. Of course they haven’t updated the DAT files in 6 months. So, if we allow Microsoft to force updates, do we then open the door for ALL “other” software vendors to do the same? This scares me. Just my thoughts, I would love to hear yours.
      Michael

      Thats My Story An I’m Stickin To It

      • #2667270

        Actually I have not seen any one

        by hal 9000 ·

        In reply to forced patching

        Complaining about Symantec auto updates for Virus Definitions here. Recently I’ve seen these run several times a week and it is considered as a feature.

        So what exactly is the big difference for “HOME” users in letting Microsoft auto update than in allowing Symantec do it?

        Col

    • #2667300

      Excellant Idea

      by mojicj ·

      In reply to Should M$ force security patching?

      As an IT Professional, I think this is an excellant idea. If everyone kept up with their patches then half of these worms and viruses wouldn’t even be a factor.

    • #2667292

      Integrated ‘features’ worse than OS problem

      by wonder warthog ·

      In reply to Should M$ force security patching?

      I intentionally avoid loading portions of updates due to their incompatibilities with other hardware/software. These include DirectX 9 and WPA to name two. Until/unless true security patches are seperated from ‘improvements’, I’ll not allow auto-update on a home machine. (And no, DRM is not an improvement either.) Compatible business machines – yes. Breaking something to fix something else moves the problem from MS to me. Not my job.

    • #2667289

      No

      by mccann_kathleen ·

      In reply to Should M$ force security patching?

      I purchased a new system last June and the have had problems with automated updates from Microsoft on a number of occasions. Each time I have encountered a problem I was able to resolve it easily by running system restore to remove the latest Microsoft emergency security enhancement. In fact this is now my standard first step in troubleshooting and it has worked every time. I guess they get it right eventually, but I resent having to back out these unasked for changes.

      I also MIGHTILY object to the use of IM to inform me when my system was not in compliance. This caused me untold grief. I tried to rename the messanger but on the ext update it was restored. I dont like IM, don’t use and dont need Microsoft using it to annoy me when I am busy doing something else.

      As far as I am concerned the only unnvited hackers on my sytem are Microsoft developers.

    • #2667285

      Thoughts to push out & up!

      by d_s_w_ ·

      In reply to Should M$ force security patching?

      Although for home users dynamic patch application sound good, the problems mentioned are valid. Everytone of us have experiensed the frustration on having somthing that worked forever — suddenly stop. Maybe the solution is for the OSs and Software-Products to capture abends and tell the user all patches applied previously in reverse order. That way the person has the option to back-out the patch, try the failed software again. The OS should capture the sequence and notify both vendors of the BUG (for our image sensitive vendors ‘interface evelutionary problem’. NOte that the patch will be re-applied on the next cycle, unless the vendors include additional code to wait for the re-patched patch for that user.

      For the Corporate IT community, a inhouse distribution version is needed to allow these people to maintain in-house platform certification and DR/BCP compliance.

    • #2667273

      Better Idea

      by Anonymous ·

      In reply to Should M$ force security patching?

      We just spent two days reimaging systems that the latest microsft patch broke. Patches will do that, particularly when you have an extremely mixed environment (different applications, hardware drivers, etc…).

      A better solution would be to Build a tight, minimalist (ie no integrated browser, media player…) Core OS, with a published, rigid, standardized API, and messaging layer. That takes car of the technical holes.

      Certainly I think it is a great idea to have a very noticeable alert that a patch is available, but until “uninstall” works flawlessly. No way I want you pushing it to me without my say-so.

    • #2667271

      No way

      by sharding ·

      In reply to Should M$ force security patching?

      Let’s see, I am a home user with my Quicken files that I, of course, haven’t ever backed up and now a forced patch totally screws up my system for whatever reason (I’ve had it happen before with MS patches, especially ones for hardware). So now, I’m basically SOL and lost X years of financial information. Sounds like a law suit brewing to me.

    • #2667269

      Windows update trojan or virus?

      by mgomez2010 ·

      In reply to Should M$ force security patching?

      On the 7 of April 2004 I was installing Win2k on my system. When I was done I started installing Windows Update patches because I could not load any software that need at least Windows SP2. After that I put Zone Alarm on to protect me right away from the internet. When I was done I kept noticing that a svchost.exe was trying to access the internet so I denied the service a couple of times. Now mind you that these were the only things so far that I have installed. I did not go any were else on the web except Winupdate site. So next I installed Norton AntiVirus 2004 and during the initial scan it discovered Backdoor.Rtkit, W32.Welchia.B.Worm, W32.HLLW.Raleka and Trojan Horse. Now everything I install on this computer was on a cd or from Microsoft. I’ve been in the computer field since 1998 and I have never encountered this problem. I have read an heard that crackers have started to hack patches and up dates. Could they have penetrated Microsoft and exchanged a good patch for a hacked patch or is this a ploy to keep antivirus software companies employed. This maybe a ridiculous idea but it happened

      • #2667245

        Update Trojan

        by farreym ·

        In reply to Windows update trojan or virus?

        You have never encountered Welchia? Go read up about it.

        This particular virus spreads across the network and probably infected your macine before you even reached the windows update site. It attacks machines without a certain set of updates from July 2003 and it has been around since August 2003.

        I now keep newly built machines disconnected from the network until the latest service pack and a handful of super critical patches are applied. I have them on CD from easy access.

    • #2667268

      How about forcing M$ to produce less buggy software.

      by pirate? ·

      In reply to Should M$ force security patching?

      Let’s face it, people like to throw monkey wrenches into the machinery, if only just to see the sparks. So what to do?

      Instead of forcing the public to buy buggy software, M$ should be forced instead to quit making users be their beta testers and deliver software that gives the bad guys less to work with in the first place.

      With all the money floating around Redmond, maybe some of it should be spent on outside experts who don’t have to knuckle under to the sales department and force the fixing of flaws BEFORE shipping.

      I know this is likely impossible to enforce unless Bill suddenly gets the religion.

    • #2667257

      Enforcing anything? You must be kidding!

      by cyberblatt ·

      In reply to Should M$ force security patching?

      Who would by a crap like that.As long as innovation motivated MS they were on a good path with the Windows OS until w98 SE. Since than, their motivation changed towards domination and thus we see more problems.
      What is in the patch? Are you sure it is something to improve and protect your OS or is it
      just updating the Orwellian digital madcow to pull more money out of your pocket with creating continuous problems. A brand new and freshly downloaded Media Player 7 has a spyware and/or a magnet-hook (doors)for adwares. No wonder Europeans want a version of windows without the Media Player. I have unistalled it after the second test-run showed spyware content again.
      I do not patch anything I have stopped that a year or so ago. Even disabled automatic updating.
      I do not take any crap from anybody to put on my machine without me wanting it.
      Have a good virus scanner, an extra firewall, spyware scanner and cookie controll tool.
      Control all start-up and active programs. You will not see any popups or garbage again. Clean cookies after each session when ever possible.
      Do not use outlook at all. Use web-based email as your main and the one from your ISP as spare only.

    • #2667227

      Unpatching Is the Real Issue

      by maco ·

      In reply to Should M$ force security patching?

      We all “automatically patch” already: a message appears saying, “Critical Update!” and we maybe read about the “buffer overflow that could cause an attacker’s code to be executed” if we have time, then despite the notice, “This patch cannot be uninstalled,” we click “Install”.

      If only the patch description spoke the truth:

      “This patch breaks a legacy app critical to your business, and because it cannot be uninstalled will cost you 8 hours per machine restoring each of them to working order. Do you wish to proceed?”

      We don’t really know whether a patch is going to break anything or not until after we install it, so “forced patching” is for most of us merely a nod to the inevitable — we were probably going to do it anyway.

      The real issue is the ability to uninstall patches and keep them off until a new patch is released.

    • #2667185

      RE: Should M$ force security patching?

      by doshelp ·

      In reply to Should M$ force security patching?

      For the most part, YES..the simple reason is my site DoShelp.com sees reports of users being infected by exploit/trojans and virii which have long since been patched. It doesn’t matter if you don’t know how to do it, forget to do it or don’t want to do it…..

      If you don’t patch you are going to become a problem for others on the net! I cannot count how many I have helped who when asked about “did you run windowsupdate” they say HUH?!? YES I think forced updates (including updates for unregistered users should have software updated.

      Regardless of a users desire to upgrade, ability to remove by patching should be available to EVERYONE!!

    • #2667175

      Who Owns My Computer?

      by holdcraftm ·

      In reply to Should M$ force security patching?

      Who owns my computer, me or Microsoft? Answer: I do, therefore I decide what software is loaded on my computer, and I decide when or if I ever upgrade. If Microsoft starts to force upgrades and security patches on me, then I go look for other vendors software.

      • #2667074

        BUT who owns the software on your computer?

        by hal 9000 ·

        In reply to Who Owns My Computer?

        It sure as hell isn’t you if you have taken the time the actually read the EULA.

        The best that can be said is that you have purchased the right to use the software on one computer and that the maker {Microsoft} can demand its return at any time.

        Now would you like to insist that you actually own every thing on the HDD on YOUR computer?

        Col

    • #2667168

      Disagree

      by zati16 ·

      In reply to Should M$ force security patching?

      I pretty much like to choose myself which updates&security patches to download&install, so I don’t whant M$ to do these things for me without my knowledge or to force to do so.

    • #2667167

      Yes, with conditions

      by supercub ·

      In reply to Should M$ force security patching?

      Greetings to all,

      Yes they should force patches AND,I suggest they should have to credit a part of the purchase price for all over a reasonable number of patches.

      Everybody is driven by the Almighty Dollar,

      My 2c worth, R

    • #2667151

      NO – should force secure programming

      by deadly ernest ·

      In reply to Should M$ force security patching?

      Often the patching process can interfere with the operation of applications, thus the decision to pacth or not should be the users. Also to force security patching would require the system to make regular checks of the MS site, not posssible if the PC is NOT connected to the Internet.

      MS should force their people to design and write secure software and to properly test it prior to release. Many of the security problems in Win XP had been noticed and notified to MS in previous versions of Windows, as had many security problems with MS applications.

      Considering the push that MS has been placing behind the Secure Computing concept, their low concern with security in the basic software design is either a major anomoly or a deliberate fault design to assist their Secure Computing PR program.

      • #2667071

        Come-on get real

        by hal 9000 ·

        In reply to NO – should force secure programming

        At the Product Release of 2003 Enterprise Server the Microsoft Zombies went to great lengths telling us all about their new “Trusted Computing” and just how secure the new product was. What they didn’t say a single word about was the hole that they had known about for over 6 months previously and that took another few months to patch.

        Microsoft & Trusted Computing tell me another as it is far more believable that WW11 just did not happen and there are no Atomic Bombs that have ever been made.

        Col

    • #2666984

      FORCE NOTHING AND HAVE FULL COMPLIANCE

      by fluxit ·

      In reply to Should M$ force security patching?

      The trick is not to force compliance or write laws or invade alleged privacy. We need creative thought to solve the problems such as design encapsulated systems in which the operating system is burned into a chip or CD and stored internally (sealed inside the case). This offers several significant design advantages.

      1. Imposters, trojans, worms, and other viri cannot replace operating system files thus maintaining a high degree of integrity.
      2. Malicious software may destroy CPU’s, RAM, or hard drives but the operating system will remain in intact.
      3. Recovery can be instantaneous. By pressing a button sequence or turning a key the system will clear everything on a harddrive and reboot immediately without a problem.
      4. Permanent upgrades, updates and security patches can be mailed from online or purchased in the store. Another approach is if the operating system is burned in a EPROM a direct secure connection can download updates and burn them into the EPROM then lock it.
      5. If the price drops low enough on chips and electronics then design the systems completely sealed as disposable appliances. I can see this if several technologies combine into one. For example, a chasis could be purchased that has modular plug ins for a stereo, VCR, TV, computer, and phone. Its a all-in-one box approach. This kind of approach is being thought of in the auto industry too.

      Depending on the direction of computing in the future these approaches may be obsolete. Especially, if systems and computing become human centric and distributive (meaning one leases computing power over the internet and does not own the CPU.)

    • #2667973

      forget forced patching

      by richard vickery ·

      In reply to Should M$ force security patching?

      forget forced anything from M$, what I did was switch to something more reliable, and, I might add, more fun to use: Linux or some other unix variant. Of course, if one wants to continue using a flimsy platform that multiple holes, security, and uptime issues, onne is certainly free to do such.

      • #2667961

        While a nice idea

        by hal 9000 ·

        In reply to forget forced patching

        It is not a piratical option at the moment in the business environment for desktop use as there are far too many people used to the Microsoft products and those that will only run on a Microsoft Platform like MYOB and its ilk.

        Then there are the home users who like my son only want to play games now if I was to insist that I load any form of Linux onto my computer at his place and he suddenly found that he couldn’t play his favorite games all hell would break lose. Until a lot of the current applications are available for the “Nix” platforms it just is not going to happen no matter how much better that they are.

        Col

    • #2668939

      sorta — kinda

      by oldgoat663 ·

      In reply to Should M$ force security patching?

      Weighing in as a construction manager / engineer and the local “guru” on the side (and definitly not an IT professional; typical system at a location is 3-5 cpus networked to a router for broadband access) I have the following observations:

      1. Most users objective is to do their business, and use the computer to help them do their business. Becoming more knowledgeable than turning the machine on and using their applications does not achieve progress towards their objective (in their short sighted view). They will never learn. Case in point: I rescued an Architect from some virus. (It had him shut down for a week before I happened at a site adjacent to his. Went on the internet and had TrendMicro’s Housecall scan it.) Told him flat out — GO GET AV NOW and install it. 4 weeks later, not installed, he says he hasn’t had the $40.

      2. Windows vs. *nix and whatever: I am not married to Windows, but I have lots of experience with it. Remember the old saying about “the devil you know rather than the devil you don’t?” Also, there are several (expensive, typically vertical) applications that are specific to Windows. Maybe one day someone will come out with an OS similar to how Borland changed me from 123 to Quattro — key stroke for key stroke compatible, (no learning curve), 1/4th the cost, and look at all of the addtional things Quattro will do. Then I could switch systems at minimal cost to production (remember #1 above?)

      3. Yes, I think Windows should ship to automatically update itself with a switch buried deep to allow IT professionals to turn this off so that they can control their systems. This way, the idiots out there at least will have some defenses.

      My regularly e-mailed instructions (which I practice) to the folks that I work with (mostly ignored) are simple:

      a. Use Windows Update to keep the OS updated.
      b. Use Antivirus and keep your subscription up to date (I use NAV)
      c. Use a software firewall. (I use ZA plus)
      d. Use a spyware buster. (I recommend Spybot)
      e. Don’t open weird e-mail (I send other users examples of social engineering)

      Do the other users get it?? NO. Am I wasting my breath?? Mostly. Has this strategy worked for me?? Yes — ZERO infections to date.

      4. I know, I have heard the various stories about the screwed up patches that MS has put out, but what choice do I have?? I do not have the resources or time to test patches before applying them to the ONE CPU that I use, and my assessment is that the dangers and costs of not patching significantly outweigh the problems of bad patches.

      5. The increasing complexity of computing is causing learning resource overload. Moore’s law also applies to the body of knowledge needed to keep up. For example, I do not bother trying to fix Win9x problems. (upgrade to Win2K, XP, or call someone else.)I have enough troubles keeping up with Win2k AND XP. Things sure have changed since I learned FORTRAN in 69.

    • #2668749

      Make it so….

      by wpwalsh8 ·

      In reply to Should M$ force security patching?

      If anything, home users are the worst offenders for updating virus protection. There are enough vulnerabilities with each new release of Windows, due to Microsoft just trying to get the product on the market. They are exploited everyday. Microsooft should take a proactive approach to securing the product that they are ramming down everyone’s throat.

    • #2732902

      RE: Forced Patching

      by raymond w. ·

      In reply to Should M$ force security patching?

      Interesting the range of responses and knee jerks (of all directions and quality) that this brings up.

      My own opinion is that it should be left to the user. I know that the majority of the user population is clueless and a siphon for all the bad things that are causing problems on the net, but consider some things for a minute.

      This is Microsoft we are talking about. The company that would rather pour money into killing possible competition than fixing known program problems.

      Can you imagine what would happen to John and Jane Doe if the forced patching were compromised?

      At work, most of us in larger companies are isolated from this issue by the upgrade vetting process and pushed updates. We would probably not see an issue of a compromised updater. But the rest of the world who rely on the normal updating will be at the mercy of anyone smart enough to crack (or be given) the update process. I am assuming that the update will be requested from the user’s PC and not pushed by one of Microsoft’s databases, that is why this is a mild response.

      Now those of us who have our own firewalls and set them to ask before allowing Microsoft processes through may be safe, but if man can make, a kid can break.

      Thus my vote would be to say no to the forced updates. For my home computers I prefer to wait until the “Microsoft is God” the “semi-clueless” groups test out the patch and see if there is a problem. There have been a couple that I was glad I waited a few days for.

      (kind of rambling, but the small window makes it hard not to)

    • #3307205

      Never!

      by foringmar ·

      In reply to Should M$ force security patching?

      Microsoft should be forced to make a secure product. Microsoft should be forced to make the product secure before they put it on the market. With 50 billion dollars in funds they should be able to do it too. If they want to. But they don’t want to, because that way they can make more money out of us users.

      I’m currently using Windows 2000. It will probably be the last windows version I’ll ever use, because it is the last windows version so far without product activation. I will never use a software product with product activation.
      Using a product with product activation is taking the sign of the beast as mentioned in the bible. I refuse to do that.

Viewing 55 reply threads