Mmm.. Microsoft Patch Day

http://www.surfionline.com/archives/2007/08/16/mmm-microsoft-patch-day/

Published on August 16th, 2007.

& I thought Vista was supposed to be the most secure edition of Windows yet?

I much prefer the OS X security updates all rolled in to one nice package.

Comments

Feed for comments.

1.

.Lou (August 16th, 2007, 2:33 pm)

I agree. I was surprised today with all those damn updates. I want a mac :

.Lou said: I agree. I was surprised today with all those damn updates. I want a mac :
2.

dt (August 16th, 2007, 3:28 pm)

does it matter if the updates are in one package or in 1000? as long as they can be downloaded and installed easily then i don’t mind

dt said: :P does it matter if the updates are in one package or in 1000? as long as they can be downloaded and installed easily then i don't mind :P
3.

alephresh (August 16th, 2007, 6:07 pm)

Yeah, all those specific updates are really cumbersome. Why not just release a new minor version of Windows every month? Why do they have to reinvent the wheel? It’s not like people are meant to handpick individual security updates.

This is another area where Apple’s elegance shines next to Microsoft (though I’d prefer new minor OS X versions over security update packs).

alephresh said: Yeah, all those specific updates are really cumbersome. Why not just release a new minor version of Windows every month? Why do they have to reinvent the wheel? It's not like people are meant to handpick individual security updates. This is another area where Apple's elegance shines next to Microsoft (though I'd prefer new minor OS X versions over security update packs).
4.

TReKiE (August 16th, 2007, 6:17 pm)

I handpick updates and there are at least two I’ve not installed as they interfere with some of my customizations and work. I’m not the only one who does this and people find incompatibilites with certain updates all the time.

If they were all together with no options, I wouldn’t be installing them. Assuming they’re cumulative, I’m sure there would be a fair number of unprotected PCs.

It’s about options, which is something good ol’ Apple doesn’t give you. Or if they do give you options, they get ignored. For instance, Apple Software Update is set to Never check, yet shows up every few weeks to try and get me to install iTunes just because I have QuickTime installed. I uninstalled their software update app entirely last week for violating my option and I have no intention of ever re-installing it.

TReKiE said: I handpick updates and there are at least two I've not installed as they interfere with some of my customizations and work. I'm not the only one who does this and people find incompatibilites with certain updates all the time. If they were all together with no options, I wouldn't be installing them. Assuming they're cumulative, I'm sure there would be a fair number of unprotected PCs. It's about options, which is something good ol' Apple doesn't give you. Or if they do give you options, they get ignored. For instance, Apple Software Update is set to Never check, yet shows up every few weeks to try and get me to install iTunes just because I have QuickTime installed. I uninstalled their software update app entirely last week for violating my option and I have no intention of ever re-installing it.
5.

alephresh (August 16th, 2007, 6:52 pm)

@TReKiE: How could security updates cause incompatibilities? They shouldn’t change APIs or affect existing functionality. Laymen would be really pissed off if they did. And honestly, shouldn’t you prefer applying a security patch over, well, anything else?

I completely agree about the iTunes requests. It’s pretty outrageous really.

alephresh said: @TReKiE: How could security updates cause incompatibilities? They shouldn't change APIs or affect existing functionality. Laymen would be really pissed off if they did. And honestly, shouldn't you prefer applying a security patch over, well, anything else? I completely agree about the iTunes requests. It's pretty outrageous really. :(
6.

absorbation (August 16th, 2007, 10:19 pm)

I totally agree. Windows Vista has been so frustrating for me, I want an OS that is simple and user friendly. I don’t want a security prompt every time I delete a short-cut on my start menu :(.

absorbation said: I totally agree. Windows Vista has been so frustrating for me, I want an OS that is simple and user friendly. I don't want a security prompt every time I delete a short-cut on my start menu :(.
7.

.Lou (August 16th, 2007, 11:55 pm)

yeah, I agree with TReKiE for the iTunes thing. It gets really annoying. I’ve got the same issue here, and next time, I might actually uninstall the update thing if I can be bothered

.Lou said: yeah, I agree with TReKiE for the iTunes thing. It gets really annoying. I've got the same issue here, and next time, I might actually uninstall the update thing if I can be bothered ;-)
8.

Tikitiki (August 17th, 2007, 2:32 am)

I don’t see a problem with how Microsoft does it as long as my damn pc is secure. One thing I hate about updates is having to restart.

Tikitiki said: I don't see a problem with how Microsoft does it as long as my damn pc is secure. One thing I hate about updates is having to restart.
9.

TReKiE (August 17th, 2007, 7:26 am)

@alephresh:

Because sometimes said fixes change the behavior of something which a particular application is depending on (even though it may be undocumented). For instance, when they broke a number of custom themes because they -fixed- a problem.

If you install a patch and it breaks an application — you can simply uninstall it and keep the others until the application is updated.

After reflection — Microsoft does provide them all in one big bunch as you’re all wanting as a service pack. With the firewall engaged in Windows (or hardware firewall) and IE’s protected mode, you probably can live on service pack to service pack in Vista (disclaimer: I’ve not reviewed every single update since RTM so this is just an assumption).

TReKiE said: @alephresh: Because sometimes said fixes change the behavior of something which a particular application is depending on (even though it may be undocumented). For instance, when they broke a number of custom themes because they -fixed- a problem. If you install a patch and it breaks an application -- you can simply uninstall it and keep the others until the application is updated. After reflection -- Microsoft does provide them all in one big bunch as you're all wanting as a service pack. With the firewall engaged in Windows (or hardware firewall) and IE's protected mode, you probably can live on service pack to service pack in Vista (disclaimer: I've not reviewed every single update since RTM so this is just an assumption).
10.

alephresh (August 17th, 2007, 9:14 am)

Tikitiki said:
One thing I hate about updates is having to restart.

Indeed. Three things I really want from a modern OS:

1. Version updates in memory.
2. Great performance. 21st century computers should start up in just a few seconds (at most).
3. Sandboxed (virtualized) executables by default. Normally apps could only access resources through the OS. They would request a list of very specific privileges during setup or on runtime, and the user would get to see them all and accept or decline. The system would show which privileges are more dangerous and warn the user as necessary.

alephresh said: Indeed. Three things I really want from a modern OS: 1. Version updates in memory. :D 2. Great performance. 21st century computers should start up in just a few seconds (at most). 3. Sandboxed (virtualized) executables by default. Normally apps could only access resources through the OS. They would request a list of very specific privileges during setup or on runtime, and the user would get to see them all and accept or decline. The system would show which privileges are more dangerous and warn the user as necessary.
11.

Matt Light (August 17th, 2007, 9:24 am)

On OS X I have yet to run into a situation where I have to opt out of an update because it would overwrite a customization. So, even though Apple doesn’t give me the ability to pick 8 of 10 updates, I’d still rather have OS X. That and the fact that security updates for OS X are mostly precautionary where as security updates for Windows are preventative makes a bit of a difference.

I don’t mind having to update my XP partition as much as I have to… after all, it keeps my system secure (I hope). However, if they can’t be more specific than “Security Update for Window Vista” (such as “Security Update for Paint” ;)), all 6 of those updates can probably be released as one.

If we’re going to get into Windows vs. OS X, though, I’ll stand behind OS X because of its Unix back-end and the fact that I can legally run the OS on five multi-user computers for $200US. Microsoft licenses Vista to one device, unless you go the more expensive business route.

Matt Light said: On OS X I have yet to run into a situation where I have to opt out of an update because it would overwrite a customization. So, even though Apple doesn't give me the ability to pick 8 of 10 updates, I'd still rather have OS X. That and the fact that security updates for OS X are mostly precautionary where as security updates for Windows are preventative makes a bit of a difference. I don't mind having to update my XP partition as much as I have to... after all, it keeps my system secure (I hope). However, if they can't be more specific than "Security Update for Window Vista" (such as "Security Update for Paint" ;)), all 6 of those updates can probably be released as one. If we're going to get into Windows vs. OS X, though, I'll stand behind OS X because of its Unix back-end and the fact that I can legally run the OS on five multi-user computers for $200US. Microsoft licenses Vista to one device, unless you go the more expensive business route.
12.

TReKiE (August 17th, 2007, 4:01 pm)

Take a look at this:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx

Scroll down to see the chart.

TReKiE said: Take a look at this: http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx Scroll down to see the chart.
13.

Matt Light (August 17th, 2007, 5:54 pm)

First off, sorry Chris. You may have not intended this discussion, but it is interesting to talk about. Now for my essay…

I haven’t claimed I’m a security expert nor did I say that OS X is more secure than Windows. However, I did and still claim that OS X updates are mostly precautionary and Windows updates are preventative. It doesn’t matter how many holes are in your system if you aren’t being targeted and exploited. Although it’s not Microsoft’s own doing, Windows is more often exploited than OS X.

The charts you linked to display the “number of vulnerabilities fixed,” which can be twisted in any number of ways:
- Windows has fewer vulns than Mac OS X, so there are fewer to be fixed.
- Microsoft fails to fix many of their vulns, so there are fewer fixed vulns.
- Apple fixes 100% of their vulns, which explains the high number of fixed vulns.
- etc.
I’m not saying which, if any, of these statements is true, because I do not know. I’m not about to use numbers to compare the security of different operating systems, because raw numbers do not tell the whole story (… and I’m still not a security expert). From what I know, Windows is used by many more people than OS X, so it would make sense if it is exploited more often. Criminals want to do as much damage as they can, so they go after the majority of users. Does this make a Mac safer? For now. Does it make a Mac more secure? Not by any means.

My statement (in my previous post) that I stand behind OS X is a statement of personal preference. The first 20 years of my life I used nothing but Windows, and I thought that’d never change. A year or so ago, I got a whiff of a Mac and couldn’t help but bring one home (for reasons . I still run Windows. In fact, the majority of the computers in my household run Windows… and my dad would be out of a job if Windows didn’t exist. I’m not against Windows, I just prefer my Mac. Based on your Microsoft speakers, keyboard, mouse, phone, …, and Messenger, I’m going to guess you prefer Microsoft. That’s fine by me, but I have to ask: when’s the last time you tried out a Mac?

Matt Light said: First off, sorry Chris. You may have not intended this discussion, but it is interesting to talk about. Now for my essay... I haven't claimed I'm a security expert nor did I say that OS X is more secure than Windows. However, I did and still claim that OS X updates are mostly precautionary and Windows updates are preventative. It doesn't matter how many holes are in your system if you aren't being targeted and exploited. Although it's not Microsoft's own doing, Windows is more often exploited than OS X. The charts you linked to display the "number of vulnerabilities fixed," which can be twisted in any number of ways: - Windows has fewer vulns than Mac OS X, so there are fewer to be fixed. - Microsoft fails to fix many of their vulns, so there are fewer fixed vulns. - Apple fixes 100% of their vulns, which explains the high number of fixed vulns. - etc. I'm not saying which, if any, of these statements is true, because I do not know. I'm not about to use numbers to compare the security of different operating systems, because raw numbers do not tell the whole story (... and I'm still not a security expert). From what I know, Windows is used by many more people than OS X, so it would make sense if it is exploited more often. Criminals want to do as much damage as they can, so they go after the majority of users. Does this make a Mac safer? For now. Does it make a Mac more secure? Not by any means. My statement (in my previous post) that I stand behind OS X is a statement of personal preference. The first 20 years of my life I used nothing but Windows, and I thought that'd never change. A year or so ago, I got a whiff of a Mac and couldn't help but bring one home (for reasons . I still run Windows. In fact, the majority of the computers in my household run Windows... and my dad would be out of a job if Windows didn't exist. I'm not against Windows, I just prefer my Mac. Based on your Microsoft speakers, keyboard, mouse, phone, ..., and Messenger, I'm going to guess you prefer Microsoft. That's fine by me, but I have to ask: when's the last time you tried out a Mac? ;-)
14.

Chris Boulton (August 18th, 2007, 12:53 am)

Matt! You’re still around this neck of the woods!
This has actually turned in to a bigger discussion than I thought - but I believe I’ll add my points in here as well.

dt said: does it matter if the updates are in one package or in 1000? as long as they can be downloaded and installed easily then i don’t mind

I think Matt & sock (pfft, alephresh) covered all of that and I agree with them.

TReKiE said:
It’s about options, which is something good ol’ Apple doesn’t give you. Or if they do give you options, they get ignored. For instance, Apple Software Update is set to Never check, yet shows up every few weeks to try and get me to install iTunes just because I have QuickTime installed. I uninstalled their software update app entirely last week for violating my option and I have no intention of ever re-installing it.

It doesn’t do that here - so that is a bug and the only way it’d get fixed is if you actually reported it to Apple so they could look in to it more.

TReKiE said:
Take a look at this:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx

Scroll down to see the chart.

I’m to believe a set of charts based on data provided by Sun & graphed by Microsoft? Two competitors to Linux. Miraculous how Windows always seems to come out on top.

You can’t make the comparison about OS X and Vista security either. Vista has only been out a few months compared to the full year worth of Vulnerabilities for OS X.

Based on my calculations, there have been around 37 security related updates for Windows Vista in the past 5 months. Where is this data from? I’ve pulled it directly from the MS knowledge base with monthly summeries of security updates. That is 37 in 5 months, around 70 a year at the current rate.

That’s over 70 vulnerabilities discovered in Vista since it’s conception/release compared to OS X. This is OS X 10.4 Tiger, released in 2005. Most of the vulnerabilities are only being discovered recently, though they’ve been in the code longer - so it’s unfair to compare the numbers when you’re not looking at the release dates of both of versions of the OS too.

One could also say that the majority of these vulnerabilities within OS X actually lay within the third party GNU/Linux programs included with the operating system and aren’t a direct result of Apple’s ability to develop secure software. On the other hand.. Microsoft develops the majority (as in 99%) of Windows themselves.

Matt, Jon is a Microsoft MVP under the field of Windows Live!/MSN Messenger, so of course he is going to be pro-MS.

Chris

Chris Boulton said: Matt! You're still around this neck of the woods! :-o This has actually turned in to a bigger discussion than I thought - but I believe I'll add my points in here as well. I think Matt & sock (pfft, alephresh) covered all of that and I agree with them. It doesn't do that here - so that is a bug and the only way it'd get fixed is if you actually reported it to Apple so they could look in to it more. I'm to believe a set of charts based on data provided by Sun & graphed by Microsoft? Two competitors to Linux. Miraculous how Windows always seems to come out on top. You can't make the comparison about OS X and Vista security either. Vista has only been out a few months compared to the full year worth of Vulnerabilities for OS X. Based on my calculations, there have been around 37 security related updates for Windows Vista in the past 5 months. Where is this data from? I've pulled it directly from the MS knowledge base with monthly summeries of security updates. That is 37 in 5 months, around 70 a year at the current rate. That's over 70 vulnerabilities discovered in Vista since it's conception/release compared to OS X. This is OS X 10.4 Tiger, released in 2005. Most of the vulnerabilities are only being discovered recently, though they've been in the code longer - so it's unfair to compare the numbers when you're not looking at the release dates of both of versions of the OS too. One could also say that the majority of these vulnerabilities within OS X actually lay within the third party GNU/Linux programs included with the operating system and aren't a direct result of Apple's ability to develop secure software. On the other hand.. Microsoft develops the majority (as in 99%) of Windows themselves. Matt, Jon is a Microsoft MVP under the field of Windows Live!/MSN Messenger, so of course he is going to be pro-MS. Chris
15.

Tikitiki (August 18th, 2007, 11:12 am)

What I’d like to see is a graph that shows total number of vulnerabilities in the OS’s code only (exclude all other programs). That would give an accurate measure of how secure the OS itself is. All other programs have their separate teams (Internet Explorer Team, Microsoft Office team, etc….), and will always have their vulnerabilities. Just like in MyBB, programmers are only human, and humans all make mistakes.

As for the Vista is safer argument, it is. However people took it as safer = less vulnerabilities where as it really means that we’ve included a new feature called prompt-you-as-many-times-as-possible. That makes it your fault, rather than microsofts if you turned off UAC or simply say yes to all prompts (meaning you may have just said yes to a virus, which in turn makes Microsoft not accountable for whatever happens to your system)… which is how it’s going to end up in the end anyway).

You can call it mis-advertising on Microsoft’s side but it really is how they all do it these days and nothing unlikely of Microsoft.

Tikitiki said: What I'd like to see is a graph that shows total number of vulnerabilities in the OS's code <i>only</i> (exclude all other programs). That would give an accurate measure of how secure the OS itself is. All other programs have their separate teams (Internet Explorer Team, Microsoft Office team, etc....), and will always have their vulnerabilities. Just like in MyBB, programmers are only human, and humans all make mistakes. As for the Vista is safer argument, it is. However people took it as safer = less vulnerabilities where as it really means that we've included a new feature called prompt-you-as-many-times-as-possible. That makes it your fault, rather than microsofts if you turned off UAC or simply say yes to all prompts (meaning you may have just said yes to a virus, which in turn makes Microsoft not accountable for whatever happens to your system)... which is how it's going to end up in the end anyway). You can call it mis-advertising on Microsoft's side but it really is how they all do it these days and nothing unlikely of Microsoft.
16.

Matt Light (August 25th, 2007, 8:25 am)

Chris Boulton said:
Matt! You’re still around this neck of the woods!

The gremlins won’t let me leave.

Matt Light said: The gremlins won't let me leave. ;-)

SurfiOnline

Mmm.. Microsoft Patch Day

Comments

Post a Comment

About Chris

Tags

Where to from here?

Sponsored Links