IT Employment

General discussion


Should M$ force security patching?

By pgm554 ·
Rumor has it that Longhorn will enforce security patching.

Up until now I frowned upon any body forcing me to anything until I test it thoroughly.

However, this weekend I just spent the most part of Saturday and Sunday patching and scanning a friend of a friend?s home system.

I, as an IT pro, keep up with security patches and such, but looking at an end users home system, gave me a view from the M$ side.

The system was a zombie nightmare (backdoors galore, a disabled firewall which I could not re-enable, and even after I cleaned the system and loaded Norton, the updates would not load).

No virus scanner, no patching, and kids downloading whatever looks cool.

I'm sure this system is not an exception to the rule.

Now, I?m not so sure that forced updates for a home user system, is not such a bad idea.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

I think so

by Eric-M In reply to Should M$ force security ...

I think the route that Microsoft is taking on XP SP2 is a very good one and can be extrapolated even further for longhorn. From what I understand the firewall is turned on and some services are disabled (like Messanger). All of those actions can be 'undone' easily in a corporate environment using group policy. I would hope most corporate environments are already using a patching system, (even SUS is better then nothing) so they are already most likely using GPO to modify automatic update settings on clients.

Enabling automatic updates by default would cover the home users and corporate environments that are irresponsibly not patching critical security holes, while at the same time allowing for the ability to deliberately disable automatic updates and do nothing about managing updates.

Of course that would mean Microsoft would have a greatly increased duty to insure that a patch like 811493 never comes out again. (


Collapse -


by Oz_Media In reply to I think so

Or 832894.

Having the mosy unreliable company in the industry, provide AUTO patching to unsavvy end users (who will say YES to anything MS wants them to download), in order to patch yet another unstable and unprotected operating system is absolutely crazy.

I will wait forever before installing MOST so called 'important security ipdates' as they usually have a patch for the oatch within a few weeks because SOME people install everything MS releases instantly. They are like sending out the probe when it comes to exploring patch issues.

have all the MS junkies install first, they can complein about all the problems and pay on a per call support to MS. Once the issues are discovered as widespread, MS will issue yet another patch for the patch.

In all my time as a Novell Engineer, I have applied perhaps two or three 'patches'for security vulnerabilities and that is only if a custoemr meets the specific instances they mention.

Now, with MS being such a wonderful and chosen favorite by many, you would think that the R&amp would be so extreme that they would RARELY need to patch their well engineered software, you would THINK.

So why doen't the all great and mighty MS, just release an OS that works out of the box? They are more interested in revenue and release dates that refining the product isn't in the cards. A few Alpha's and Beta's and it's time to release the next new and improved MS OS. It boggles my mind how such an untrustworthy and bug ridden software designer could possibly stay in business by producing so much garbage. Can you imagine if your car was as reliable as their OS, you'd be scared to start it or even try to apply the brakes? If your buildings sprinkler system was a MS product you'd all burn and die. IN all other areas of manufacturing and production, MS wouldn't even get out of the starting gate, with PC's which many users have no former knowledge of before buying one, they are practically forced to buy one with XP Home edition in it and then expected to keep it secure, it's not fair, it's not feasible, it's not good business at all.

as you can see, I could drone on about MS garbage for days if I had the time. It just holds no water as a viable business solution nor a stable home operating system. there are so many better products and choices, unfortunately, those choices usually aren't available at the retail or end user level without an upgrading cost incurred. But MS is not forcing products on anyone and nor do they have a monopoly on the market, they are a fair and true player......uh, yeah.

Collapse -

OZ while I tend to agree

by HAL 9000 Moderator In reply to 832894

You are however totally wrong about the fire suppression system if it was really controlled by a Microsoft Product you would certainly burn when there was a fire but more likely than not you would tend to drown as well when there wasn't a fire about.

I'm no great believer in Windows XP or any other form of Windows but it is the industry standard and I'm surprised just how many people think that they have to have Microsoft on their desktops.

But while I'm personally against forcing people to update automatically when ever a new MS Patch becomes available for the home user it is some times helpful as it currently is very rarely done. What is another of my pet hates with MS's updates is that you have to visit different sites to get the required patches for different MS product so even if Windows was kept up to date all the rest of the MS applications are left un-patched.

That could be a contributing factor of why I install Linux on every occasion that I can and constantly recommend it to all the "Home Users" that I deal with as in these cases the software quite often is worth far more than the hardware. But then they want to play games written for Windows and that is where everything falls down but with a new version of Linux that I'm currently testing it is supposed to be able to run all MS applications on the Linux desktop.

Currently I only have it on a 200 MMX Pentium that was lying around but as it looks so promising I'm in the process of building another unit to fully test it and then if it works only half as well as it is claimed I will not need to install Windows on any more "Home Computers."

Well that's my dream anyway.


Collapse -

Ley me know

by Oz_Media In reply to OZ while I tend to agree

Let me know how it works out. I have plyed with the older Lindows and stuff, and am also happy to offer a Linux alternative to all my users. Most of them are now using Ximian XD2 Novell Linux, I feel like i'm gonna have to find a new line of work again as they never call with problems. The netwrok monitoring has turned into a daily report and simply a formality as nothing ever goes down or hangs or crashes or dies or ....

Collapse -

Never again

by igotspamed In reply to Ley me know

I am in the process of installing os on 4 systems. One of these systems has already gone down. M$ programing has cause p4e's to endlessly loop at full bore on a number of occtions. These systems are for a office enviroment where to ask users to watch things like temperatures and processor activity makes them nervous and afraid to use the computer. Heaven forbid an xp system go down because the hacking a trial and error approach I'd have to take would make me look like a complete fool. I've had to break in to systems so many times I don't think there is a single secure element at the terminal level. Security packs, the upload manger and who knows what else will alter settings at random. Although a system works fine now there are no garentees two hours or two weeks from now. That mean printers failing, lans and wans. I can't ask someone to fool with the network connections wizard to try and get the internet back up. I've got enough problems with routers and modems as is. M$ went to far with sp2. I'm in the process of installing Gentoo Linux on a P3 which will in turn unpack p4 software on a second drive with will go into a p4 system and be installed on the sata drives from there. M$ is no longer welcome on my systems.

Collapse -

Actually I have the same problems on a Dual Processor

by HAL 9000 Moderator In reply to Never again

Work Station running XP Pro as I regularly see the CPU's running at 100% for long periods of time and this is after I shut things down.

I also had a Quad Processor Server where the CPU's could not be made to run at anything better than 20% with 2003 Enterprise Server installed. M$ answer was that it was fast enough anyway so why bother but I felt that my customer was not getting what they had paid for with only that amount of workload being available through the CPU's. Once I installed SUSE onto the unit everything worked perfectly and that is how it has stayed running properly and best of all the customer is none the wiser about what they actually have on the new server as they think it is a Microsoft Product but they can not believe just how stable it is.


Collapse -

OZ the products name is

by HAL 9000 Moderator In reply to Ley me know

Xandros Desktop ver 2 and while it is heavily Debian based it has quite a few differences as well. Currently I haven't had the time to have a good play with it as yet but I do have a new P4 system that I'm going to try it on when I get the time. But just going from the original install it claims to have some interesting features and the copy installed on the 200 MMX works quite nicely on the Windows Network picking up all the Windows machines without any trouble.

I was going to spend Easter playing with it but after making sure that I had nothing on so I could have the time to give it a good workout I've been out working at a business where their whole network has gone down because there where no current AV Definitions on it and no M$ Patches. At least they had a full backup in place so I've only had to reload 100 computers & servers So I'm guessing that the Easter treat just is not going to happen.

Now if only I could find a way to prevent most of what I'm earning over Easter going in Taxes as there will be something like 60% + 10% GST.

So if you want to have a play with it you very well might get to have a look long before I will. It claims to be able to run M$ applications but if this is just "Wine" installed that allows this to happen I'm not as yet sure as I haven't had the time to have a good play with it.


Collapse -

Winodws Compatibility

by shardeth-15902278 In reply to OZ the products name is

Actually, If I remember correctly, it is Codeweavers Crossver Office Plugin that Xandros has licensed for windows Compatibility. It is a little more sophisticated than wine. Works quite nicely, what little bit I have used it.

Collapse -

Thanks for the info

by HAL 9000 Moderator In reply to Winodws Compatibility

I appreciate it as as yet I have not had much of a chance to play with it and even now it is on a sub-standard unit just for initial testing purposes.

When I load it onto some thing far more powerful it should prove interesting.


Collapse -


by BloodyUsername!! In reply to OZ while I tend to agree

I really should read a full thread BEFORE I ask questions.... :)

Related Discussions

Related Forums