[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <405998A8.18745.6275BE5@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: Microsoft Security, baby steps ?
"Geo." <geoincidents@...info.org> wrote:
> It doesn't address the issue. The requirement is that some MS customers need
> to patch without putting the machine on the internet. For whatever reasons.
Absolutely.
Much _worse_ though, is that _FAR TOO FEW_ MS customers actually seem
to practice something like that. In a corporate environment I woud
expect to see that as a very widespread requirement (though maybe those
who do it have most of the the small-ish pool of really clueful Windows
techs who know what a slipstreamed install point is and so on, so
_they_ do not see any major problems there...).
> Is that such an unreasonable request?
No, it's not, but it may be the case that MS thinks it has such
requirements pretty well covered. Perhaps MS should be doing a lot
more/better work educating its (medium to large) customers how to do
system design, testing and rollout? Focussing on patch management (as
it is somewhat at the moment) kinda assumes that there is a "system"
worth patching, but if that has not been well-designed from the outset,
in most cases you are better off re-doing the base OS implementation,
rolling that out _then_ dealing with patching, which will be much
better designed into a system spec'ed and implemented today than the
existing one from several years back (assuming it was ever actually
"designed" -- Ghost, et al. are cool, but they aren't much as system
management tools _per se_).
Regards,
Nick FitzGerald
Powered by blists - more mailing lists