
List:       patchmanagement
Subject:    RE: Shame on us
From:       "John Hauprich" <jhauprich () mscmail ! gsfc ! nasa ! gov>
Date:       2005-12-14 14:36:40
Message-ID: NNEIIIFOBIOFCPBCPHMDCEILCOAA.jhauprich () mscmail ! gsfc ! nasa ! gov

All right. I will chime in.  Of every OS manufacturer, Microsoft is by far
superior in providing not only critical patches, but a simple mechanism with
which to deliver them.  Consider that Microsoft has more licensed (and
unlicensed I might add) seats in the world than any other OS.  I think we
should consider how fortunate we are to administrate a desktop platform that
is so tightly integrated with networking capabilities and built-in patch
update systems.  If as sysadmins, you don't wish to think or resolve
patching issues, you might consider a new occupation.  It sounds to me like
some are whining.  Every system that I receive from the OEM, I rebuild and
patch immediately, not depending on the vendor to have done their job and
use AD to create group policies for patching.  I understand that the end
user is not nearly so savvy as we are who have been in this business for
decades.  However, in this day and age, with all of the negative information
users hear and see in the media, they would be insane not to believe that
they have some part in the security of their assets.  As for Microsoft, I
for one am damn happy not to be administrating 1000 UNIX boxes and grateful
for all the strides they have made.  I will now get down off my pulpit.

-----Original Message-----
From: Krieger, Zoel [mailto:zkrieger@hss.sbcounty.gov]
Sent: Tuesday, December 13, 2005 6:07 PM
To: Patch Management Mailing List
Subject: RE: Shame on us


I did not count them out or anything, but on both systems, I patched them to
full using both BigFix then Windows Update, then loaded Microsoft Update,
rebooted, then had an additional 7 to 10 updates, including some in the
critical listing, without Office being installed at the time. (Mind you,
Office also had its host of updates needed after I reinstalled their
personal copy instead of activating the copy it came with.)

Remember, the average user has no need to visit the update site. They are
told by the OS that automatic updates are enabled, and that no more updates
are needed... why would the average consumer second guess that and go check
manually?

In this case BigFix is also pretty common on retail distributed systems, and
it also did not enable or notify the consumer of any other possible issues.

To me it's four parts:

1. Microsoft failing to provide/inform about Microsoft update via automatic
updates.
2. Microsoft failing to hold OEMs accountable to some level of patch
management.
3. The OEMs for bundling so much crap with your new systems, and not giving
any detail on why/how to use it, if you need it, etc.  This system came with
McAfee and Norton suites pre-installed and both not working until you go
through their sales pitch to purchase updates, etc. (even though they have
free trials).
4. Microsoft for not prohibiting the OEMs from using undocumented tools like
BigFix in place of normal update tools (like Windows Update).  Both do the
exact same thing, BigFix is more interactive, neither is explained, nor is
the user given any information on why to use either or both other than "your
system is vulnerable PATCH!!!!" which still leaves them unpatched.

Microsoft tightly binds us to EULAs, they should do the same to their
distributors and OEMs. Yes, the OEM is *supposed* to take over the support,
but when you call, you're simply told "software is not supported, for an
additional fee we can help". To the average consumer that means they get
zero support except wash and reinstall, which is what most retail vendors
tell you to do. Even Dell and HP will not support software related problems
without additional payment.

The simple fact is the average consumer, or even small business is not given
enough information and the automation tools are not up to the job. More work
needs to be done to bring services like Windows/Microsoft Update to the
users' attention, as well as better advertisement of other services like
optional patches that are currently ignored.

I personally consider a SBE server to be in the same boat... they are
packaged and sold as a "self managed" device that doesn't need IT staff (in
fact many companies and distributors advertise it exactly that way... no IT
staff needed).  When the accountant gets stuck with the job of swapping
tapes and "keeping an eye on things" it's mostly an issue of "if it doesn't
work reboot it" and not "go check the web once a month for updates, test and
apply them".

Yes, we, as IT professionals can work around this severe lack of clarity and
deal with the issues that patches cause, etc, but to assume a system that
may be visited once or never by a professional is ready for an end user to
support is just not practical. The systems are not at that level, nor are
the end users knowledgeable enough to even think to check for updates at all
on average. As a patch this month shows... one crash for any reason and
Windows Update stops working. How would even an IT professional plan ahead
for something like that when they aren't supporting the system after
original install?



 -----Original Message-----
From: 	John Hornbuckle [mailto:john.hornbuckle@taylor.k12.fl.us]
Sent:	Tuesday, December 13, 2005 12:53 PM
To:	Patch Management Mailing List
Subject:	RE: Shame on us

While I certainly wouldn't defend the OEM's bloatware image, I do
question one comment you make... You mention that the machine was
configured to use Windows Update instead of Microsoft Update. While this
would perhaps cause the user to miss seeing non-OS updates that Windows
Update doesn't include, it would allow the user to patch their OS with
all current updates (unless I'm mistaken, there are no critical OS
updates that appear to Microsoft Update but not Windows Update). And
upon going to the Windows Update Web site, they'd see a link with bold
text advising them to migrate to Microsoft Update.


John






---
Looking for RSS? The Patchmanagement.org list is available via
http://listserver.patchmanagement.org/read/rss?forum=patchmanagement

PatchManagement.org is hosted by Shavlik Technologies

To unsubscribe send a blank email to
leave-patchmanagement@patchmanagement.org
If the above unsubscribe doesn't work, view your email headers
(in Outlook, open message, View-Options) and send a blank email to the
address
listed in the header that starts with 'List-Unsubscribe'.
If you are unable to unsubscribe via the above email address, please email
owner-patchmanagement@patchmanagement.org

