20-04-04

questions for microsoft and its patches

1.By making such superpatches Microsoft obliged everyone at the same time to download them from the same sites - and crashed the whole thing. Wouldn't it be better that those patches are mirrored around the world by partner-sites

2. By making such superpatches Microsoft made a religion of its second Tuesday celebration. Some of these things should have been patched already long before. I am not sure but shouldn't certain kind of networks or internetservers be patched immediately ?

3. By making such superpatches available to everybody at the same time, Microsoft obliges the network administrators to install the patches without much testing because the possibility is quite high that exploits can be made available in 48 hours. If the network administrators with a SUS could receive it on friday, than they could test the consequences in their test-environments before.

4. Is it for a mogul like Microsoft impossible to make it extremely difficult to reverse-engineer their patches ?

5. Is it so difficult for the security community to stop publishing vulnerabilities with the exploit code for microsoft applications until after - let's say - 2 patch cycles. Ok information is important. But what is more important, knowing that internet explorer can send automatically pages to the printer and that Microsoft is working on the problem or the full disclosure with the code to do it enclosed ? (http://www.securityfocus.com/archive/1/360007/2004-04-06/... full disclosure is illegal in France)


00:19 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.