On Wed, Jan 21, 2009 at 12:29 AM, Simon Waters wrote:

> Add to that me seeing Flash downgrade itself from a patched to an
> unpatched version, and you see why Secunia report that ~98% of Windows
> boxes are running code known to be vulnerable.
>
> http://secunia.com/blog/37/
>
> On the other hand I have servers needing patching, so I'm not one to
> throw stones. But if 98% of people are getting it wrong, does that
> suggest that there is a usability issue here? I'd love to see similar
> stats for Debian boxes.

I bet they are lower (partly because using a central package manager makes things easier, partly because I guess a higher proportion of Debian users knows about the importance of patching).

Still, the 98 percent was a bit of an exaggeration, because it includes programs that are never run (can you blame a user for never updating Firefox after installing it once but never using it?) or missing patches that do not exist for, say, the language the user is using a program in. Secunia, unsurprisingly, make a product that checks for missing patches on the user's computer. (Which is a good thing, but the 98 percent might give users the message that 'everyone else is (not) doing it so why would I?' and thus have the opposite effect.)

I don't know very much about Windows updates, but the whole idea of sending out patches on a fixed day every month ('Patch Tuesday') is that system administrators know in advance when patches are going to be installed and even emergency updates are generally announced shortly beforehand. So I don't think there are many excuses for waiting a few weeks to enforce patches or, worse, to find out a computer is being updated and thus rebooted mid-surgery.

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html