1 In 3 Windows PCs Still Vulnerable To Worm Attack 242
CWmike writes "The worm that has infected several million Windows PCs, Downadup or 'Conficker,' is having a field day because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, security firm Qualys said. Downadup surged dramatically this week and has infected an estimated 3.5 million PCs so far, according to Finnish security company F-Secure Corp. The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003, and Server 2008. Qualys' CTO said, 'These slow [corporate] patch cycles are simply not acceptable. They lead directly to these high infection rates.'" This is indicative of why some are calling for Microsoft to rethink Patch Tuesday, as reader buzzardsbay pointed out.
router (Score:5, Insightful)
This is why I recommend everyone have a router installed on their internet connection, even if they have only one PC. Routers inherently block almost all worms.
Re: (Score:3, Insightful)
I find it easier to setup the internet connection with the router instead of using my own computer. I'm using Linux, and I find fiddling around with pppoe with the router is a lot easier than on my main computer.
Re:router (Score:5, Insightful)
Re:router (Score:4, Informative)
Re:router (Score:5, Funny)
No, the very nature of a router is to... route.
Or do the core internet routers also NAT?
Is China behind a large NAT? (This will probably be true in 2015, so hello people from then)
Re:router (Score:5, Informative)
There are 14 routers between me and slashdot.org, not one of them is doing any type of NAT.
Household Routers (Score:3)
Re:router (Score:5, Informative)
Re: (Score:3, Insightful)
All routers need to do some type of NAT period, it is how a router works.
Your ignorance is shocking. There are some good books and many internet sites explaining basic networking. There is even a 'for Dummies' book.
Re:router (Score:5, Funny)
Re:router (Score:5, Informative)
And it's great for all those annoying programs that try to phone home or check for updates at random times. What's that Acrobat Reader? You want to look for an update? No, I think I'll decide for myself when it's time to update you rather than have you nag me about it every time you're opened. Tick "create rule", hit "block". Enjoy your stay in the blacklist.
ESET Smart Security. Best $50 I've ever spent on software (except maybe The Orange Box).
Re:router (Score:4, Interesting)
when something malicious got through AVG, spybot, and adaware i was clued in when fdsb423.exe started trying to connect with the internet. a software firewall is not a defense, but it is a good way to tell that you have something going on. i also agree it is fun to turn off the dial-home on software that doesn't need to talk to it's mommy. HP printer drivers, i am looking at you.
Re: (Score:2)
As a friend of mine once remarked while playing a strategy game online.
You need De-Fence to defend yourself. Firewall are one. NATt's are another layer. Ditching the Windows inyour fence is always good.
Re:router (Score:5, Informative)
A router won't alert you when a program or service tries to access your connection, but a software firewall will.
Turn on logging and your router can notify your PC, your email, your blackberry, etc etc.
Re:router (Score:4, Insightful)
A router won't alert you when a program or service tries to access your connection, but a software firewall will.
Turn on logging and your router can notify your PC, your email, your blackberry, etc etc.
Hardware firewall via log entry/email:
Alert! Your pc has initiated a connection with xyz.com on port 80. I already let this through since you told me to allow all http traffic from your pc, so if it's malicious, tough luck.
Software firewall via immediate popup in current session:
Alert! backorifice.exe is attempting to open a connection to xyz.com on port 80. Since you've never authorized this program for any type of network connectivity, I haven't allowed this connection to be made. Do you want to allow it?
Your choice.
Related to this... is there any software for linux that functions in this way? (Blocking connections by program, with gui notification)
Re: (Score:2)
A router won't alert you when a program or service tries to access your connection
Depends on the router, I guess...
Most routers have some kind of logging feature. Typically those logs can be directed to an email account, or maybe a syslog server or something like that. Normally those logs can also be filtered to some degree.
Personally, I receive alerts from a few different routers when things start going weird.
Re: (Score:2)
Re:router (Score:5, Interesting)
That works well in home scenarios where the router is the only possible entry point of a worm. In office environments, you have laptop users that travel. They may or may not connect from home, often with mobile access or from their private line. Something you cannot shield, and more often than not is not shielded.
I've been lobbying in various consulting sessions that laptops from traveling workers are to be seen as "semi-trustworthy", if that. Because they can and do connect not only from within the trusted and firewalled network, but because of this very reason, they can connect in insecure scenarios and may be infected when they connect to the company networks. I have been lobbying to put them in a separate network ("separate but equal" has such a bad ring, but in this case it's pretty much what the idea is). If the worst case happens, it would at least only infect a usually very manageable number of computers instead of the whole corporate network.
Well, I guess I finally have a real life example of what happens when you don't heed it. Companies are like little kids, you have to let them touch the stove once before they believe you it's hot. But fortunately, some companies are willing to learn from the mistake of others...
Re:router (Score:5, Informative)
This is why I recommend everyone have a router installed on their internet connection, even if they have only one PC. Routers inherently block almost all worms.
I think, what you're trying to say, is that it is important for everyone to have a firewall on their Internet connection... Not a router. Routers don't inherently offer any protection at all. Many home-grade routers come pre-configured with NAT, which does get you some basic protection... But not all routers do NAT, and not all of them give you any protection.
And an external firewall on your Internet connection only protects you so far. It might keep a worm from crawling in through your Internet connection... But it won't stop a worm from spreading once it is inside your network.
That's why it is important to control the traffic inside your network, as well as traffic to/from the Internet. Maybe it isn't necessary to run a firewall on each and every PC, but you sure as hell better be monitoring your traffic and keeping your machines patched.
Re: (Score:2, Insightful)
XP SP2 (Score:3, Informative)
Genuine Advantage Validation (Score:5, Interesting)
I know a lot of people who are afraid of updates because of the genuine advantage validation. They got student priced versions of the software 5 years ago and are no longer students. They don't want to risk losing Visio/Word/PowerPoint or having some other software disabled on their computer.
The fear factor of automated reporting/validation is stopping a lot of people from running the updates.
Re: (Score:3, Informative)
I do this for my 2K system and my parents XP systems. Not because the systems aren't legitimate but because we have dial-up and getting automated updates would take forever. I just d/l the patches at work, plop them on my thumb drive and install.
One caveat. Every so often there is a patch/update which does require you to validate your system. You are notifie
Re:Genuine Advantage Validation (Score:4, Informative)
Re:Genuine Advantage Validation (Score:5, Insightful)
I do know of one other reason why people would be afraid of WGA, though.
Re: (Score:3, Informative)
They shouldn't be. WGA is pathetically easy to get around, even on pirated copies of Windows.
Don't know for sure about Office, because I've never looked into it, but for Windows XP, it's about a 30 second job to disable it, permanently.
Re: (Score:2)
So, you disable it, and now you can't download or install Windows Defender or IE7, you can't in fact download any non-critical updates or even use the windows update website, though if you have automatic updates turned on it will install the security fixes. I went the other way and installed the WGA plugin on my system so that I could download this crap through Firefox, but then I have a legal copy of XP Pro (with the sticker on the bottom of the system, and the OS reloaded from the CD from the vendor.)
Re: (Score:2)
No.
I've got a method to bypass activation and WGA that makes every copy of Windows look legit to MS. There's only one very small requirement, that I'm not going to divulge, as I'm not telling you how to pirate software.
It would, however, be simple for even a non-technical person to meet this requirement.
After that, the Windows update website works just fine, IE7 and Windows Defender will both install, and if you do install the WGA control from the site, it validates your copy of Windows as legitimate.
Re: (Score:2)
I've never tried it that way.
Does that also bypass product activation?
My method does.
Re:Genuine Advantage Validation (Score:4, Insightful)
I know a lot of people who are afraid of updates because of the genuine advantage validation. They got student priced versions of the software 5 years ago and are no longer students. They don't want to risk losing Visio/Word/PowerPoint or having some other software disabled on their computer.
The fear factor of automated reporting/validation is stopping a lot of people from running the updates.
I'm not sure how many people there are that are aware they should be running updates but actively decide not to because of WGA. I'm sure there are some folks, but I can't imagine it's all that many.
But you are correct, updates don't happen nearly enough, which is why machines are still vulnerable.
You've got updates for Windows, updates for Office, updates for whatever antivirus you're running... All those updates take a decent bite out of your productivity. They eat some of your bandwidth, then eat some of your computing power, then they ask for a reboot.
I know plenty of people who just ignore all the update notices. Unless the machine does all its updating completely automatically without interrupting the user, frequently it just doesn't happen.
Re: (Score:2)
Automatic updates doesn't do this. Just turn it on from my control panel. The web version of automatic updates will try to install WGA, but you can not allow the package.
If their office installs are not valid then they'll just get a warning when they try to download any new features (templates and stuff). It wont shut them off.
MS allows critical and security updates to come through even on machines that have known pirated installs and keys. Its pretty safe to do.
Re: (Score:2, Funny)
Count 3. (Score:2, Informative)
You know of my parents and I, then.
They switched to Ubuntu and I to gNewSense as a result.
Re: (Score:2)
XP x64 has two major advantages.
1. It's user base is small so viruses tend not to target it.
2. It's user base is small so MS doesn't deploy WGA on it.
You forgot the most important one:
3. No manufacturers make drivers for XP 64, so your network won't work anyway.
Re: (Score:2)
Get any work done? (Score:4, Funny)
Re: (Score:2)
Jeez, with virus scanners, several types of automatic updates, and other gadgety things polluting the standard corporate desktop, it is a wonder that people can get any work done on their PCs anyway. Six Inches of Air.
It keeps plenty of business open for people like me who repair them in their spare time to make some extra cash. :)
Re: (Score:2)
Not to mention all of the people in third world countries that depend on the income from phishing scams.
See! Microsoft has love and respect for the little people!
Re:Get any work done? (Score:5, Insightful)
Jeez, with virus scanners, several types of automatic updates, and other gadgety things polluting the standard corporate desktop, it is a wonder that people can get any work done on their PCs anyway. Six Inches of Air.
Corporate desktops aren't that bad. I mean, they can be... But usually there's at least a little oversight. You don't typically see people with eleven different smiley-toolbars in a business... It happens, but not so much.
Home users, on the other hand, can be a true nightmare. Plugins for various web pages... Piles of downloaded crapware games... IncrediMail... Several different media players and a pile of music or movies... A couple different P2P programs... A couple different malware scanners... I cringe just thinking about it.
You're right though. Entirely too many different bits of software want to do their own updates. Windows Updates, Office Updates, anti-malware updates, updates for Adobe Reader, updates for Flash, updates for Java, updates for Real Player, updates for HP's drivers and suites, updates for QuickTime and iTunes...
It's ridiculous. I'll routinely see at least a half-dozen updaters running in the background.
That's one of the things I really like about most Linux distributions... Generally you've got a single package manager that takes care of everything for you.
Re: (Score:2)
Not that bad considering it's Windows (Score:5, Funny)
If my years of tech support taught me anything it's that 9 out of 10 Windows users are more damaging to computers than anything else.
Re:Not that bad considering it's Windows (Score:5, Funny)
You all ought to be ashamed of yourselves...
Re: (Score:2)
(sarcasm alert)
Why not? I mean, Ubuntu kept that poor woman from going back to school [slashdot.org]. As we've been properly educated by far more intelligent people, Open Source is a cancer and should be exterminated. The Internet would be much safer without it. In fact, I doubt we'd even have a problem with some Windows worm if Open Source never even existed to route those evil packets around the world like that.
Re:Not that bad considering it's Windows (Score:4, Insightful)
Why does anyone take anything coming out of McAfee still serious? Has nobody ever used their software? Well? And you STILL believe anything they say about security?
Re: (Score:2)
Hey, it's just a job. With the economy and all...
Re: (Score:2)
Oops! Thanks to you, my earlier post about it being Microsoft that has love for the little people was wrong. Now I know it is the open source folks allowing deprived third world people income from phishing scams. Thank you sir/madam/pooch for showing me the error of my ways.
blackhat thoughts (Score:5, Funny)
Re: (Score:2)
It's called Grid computing. Millions of people, every day, allow unknown other people to run software on their computers. (worldcommunitygrid.org, seti@home, folding@home, distributed.net, and dozens of other networks). Microsoft could easily leverage these people (who, for the most part, simply do not care about their power bills, apparently) by offering grid computing under another brand -- or, alternatively, to offset the licensing cost of Windows. Don't want to pay for Windows 7 ? Just agree to run thei
Re:blackhat thoughts (Score:4, Funny)
I can hear it now.
worm developers!
worm developers!
worm developers!
Re: (Score:3, Funny)
I don't think McAfee or Symantec would like Microsoft worming in on their territory.
Not an easy calculation (Score:3, Informative)
How much downtime is caused (money is lost) by patches that break things versus how much money is lost when machines get hacked? This isn't a windows only issue. I've seen Debian security releases break things too. They're a bit easier to rollback, but the problem is fundamentally an ROI or EV problem, not a technical one.
Re: (Score:3, Informative)
"I've seen Debian security releases break things too."
Can you provide an example, please?
Re: (Score:2)
Re: (Score:2)
That's nothing (Score:2, Funny)
Patches are good, not bad! (Score:4, Interesting)
What drives me absolutely nuts is how people who are not computer professionals talk about patches with contempt. In any magazine article about an operating system, whether it be from the Windows family, Mac OS X, or Linux, when the subject of patches comes up, the writer will usually say something to the effect that a downside of using this operating system is the high frequency of patches.
In a perfect world, software would have zero bugs (security holes are bugs, too, if you think about it). No product would have any problems. Everything would be perfect. There would be no need for patches.
But unfortunately we do not live in a perfect world, and software does have bugs. When patches are available at a frequency such as daily (as is sometimes the case if you use Ubuntu, patches not only for the OS but for any programs you have installed too), or every few weeks as is the case with Mac OS X, you know that people behind the product are responsible, are continuing to develop and refine the software, and you benefit from those refinements at the frequency of the patches.
We all know this, yet because many people feel contempt toward software patches, and because magazines and newspapers write inaccurately about this subject, many boxes out there are vulnerable to many types of attack, and this won't change any time soon. I think some effort needs to be expended by the marketing departments of various software companies to convince people that patches are good, not bad.
I just had one additional thought about this Windows patch. Perhaps some of these boxes are using illegitimate copies of Windows and are therefore ineligible for the patch?
Re:Patches are good, not bad! (Score:4, Insightful)
.
Your mistaking speed of availibility with frequency of occurance. I like patches to come out as soon as possible. I do not like patches to come out as frequently as possible.
If a bug is found and the patch is available the next day, that is a good thing.
If patches come out every day because there are bugs found when somebody just glances at the code, that is a bad thing because the code either had incompetant QA or is so chock full of bugs it took that long to work down the list that QA returned.
Re:Patches are good, not bad! (Score:4, Insightful)
Honestly, users wouldn't feel nearly as much contempt over patches if they were less obtrusive.
The number of times a Windows update patch requires a system restart is ridiculous.
Even with WSUS pushing out all the updates in the middle of the night, and auto rebooting boxes, it irritates people who purposely left a PC logged in, with the screen password-locked, before going home at night for one reason or another. They come in the next morning to find they were forcibly logged out, with work potentially lost or some operation not finished they intended to let run overnight.
(And let's be fair here. This is ALSO a big issue with Mac OS X. Most, if not all, of their required reboots could be eliminated if they'd stop and restart the appropriate services, instead of just doing a restart as an "easy way" to accomplish the same thing.)
Immune (Score:5, Funny)
I'm immune to the worm. I'm still running Windows98 and it doesn't have "Windows Server service" and all that other wormbait crap.
Oh, hold on.... I'll be right back. I've been online 40 minutes and I need to reboot.
-
Re:Immune (Score:4, Funny)
Re: (Score:3, Informative)
If you don't do it preemptively, Windows 98 reboots without rhythm. Although in my experience, if you have all the patches and updates installed, it will bluescreen instead of rebooting. Windows XP is truly a gigantic step forwards, as by default it usually reboots when it bluescreens, too.
Re: (Score:2)
Re: (Score:2)
Not Acceptable? (Score:5, Insightful)
It's also not acceptable that corporate desktops become useless because of an update that MS rolled out that broke mission-critical software.
There's a reason there's an IT vetting process with patches (fool me once, shame on you... fool me twice, three times, every patch tuesday, shame on me). There's also a reason why those processes take a while. If you disagree with IT workers doing their jobs and making sure that an update won't screw up the network/application/productivity/company, take it up with software vendors and MS, not with the people who are trying to make sure their company stays functioning. Or will you be willing to pay for their time in fixing problems if they apply patches that break things?
Re: (Score:3, Interesting)
I've worked at several places that didn't roll out patches right away. It wasn't because the IT department was busily testing the patches. It was because they were afraid of the patches, but had no time to test them.
For one example, we had a farm of servers. I suggested that they let the developers patch their machines first, then the test servers, then the staging servers, then production. That way there was no risk, and no need to go about with extra testing effort. They agreed -- but nothing happene
Re:Not Acceptable? (Score:4, Informative)
I've worked at several places that didn't roll out patches right away. It wasn't because the IT department was busily testing the patches. It was because they were afraid of the patches, but had no time to test them.
That's typically the problem around here. We've got plenty to keep us busy on a day-to-day basis... Something is always broken, or requiring replacement, or testing, or whatever.
I hate to just roll out a patch and hope for the best. That's bit me in the ass far too many times. But I find it hard to actually come up with time to read over the patch notes, apply the patch in a test environment, and then watch to see if something happens.
Sure, this particular patch is a few months old... And it was released with enough obvious urgency that we've pushed it through and updated most of our systems... But we're still sitting on some updates that are just as old, but don't seem quite as necessary.
Re: (Score:2)
Patch Tuesday broke a mission semi-critical server. Removing the patches did not fix it. It had to be FDisked and rebuilt.
And our backup guy forgot to add it to his new backup server rotation.
The vendor who built the server software (one off custom) did charge for his 12 hours to rebuild it.
Should we charge that back to Microsoft? The same patches only broke one other machine. 600 others were fine.
Too bad this OS wasn't written properly in the first place. At $300 a pop, the development quality assuran
Re: (Score:2)
Re: (Score:2)
How about installing updates? (Score:4, Insightful)
The update was issued in October.
If you haven't patched, there's no fault of anybody but your own.
If your car has a recall for a safety belt problem, and you don't get it fixed and get into an accident, is it suddenly the car manufacturer's fault? No.
And likewise it's not MS's fault if you can't install patches on your OS.
Re: (Score:2)
It is when you can point to a past recall for a safety belt problem that caused the car to fail to start.
Re: (Score:2, Insightful)
Well, yeah.
But now imagine that cars are recalled literally EVERY SINGLE MONTH, for SEVERAL life-threatening problems each and every time. Would you still say that the manufacturer is doing their job well?
Of course not; you'd switch away from that manufacturer ASAP.
But wait! Now imagine that there's only one large car manufacturer that controls 95% of the market, and the only other cars are either luxury cars that are totally different (Apple) or home-built hobbyist cars.
And also imagine that the dominant m
Re: (Score:2)
Re: (Score:3, Interesting)
Here are a few reasons why computers should be expected to have more updates than cars:
* Unlike cars you don't have to recall the car to refit it, but can instead send the refit to the customer and have it install itself. (This is mostly an argument for more non security updates)
* Computers connected to the internet exist in a hostile environment unlike cars that exist in a relativly friendly environment. (Imagine if other drivers could earn money by pushing your car of the road, and rarely would get punish
Obligatory bad car analogy (Score:2)
If your car has a recall for a safety belt problem, and you don't get it fixed and get into an accident, is it suddenly the car manufacturer's fault? No.
I can just see it now .... recall Tuesday.
YAY CAR ANALOGY (Score:2)
If your car has a recall for a safety belt problem, and you don't get it fixed and get into an accident, is it suddenly the car manufacturer's fault? No.
What if my car's safety belt has a design or manufacturing flaw, but the manufacturer has not yet acknowledged it by issuing a recall notice? If I sustain injuries that can be proven to have been caused by the defective belt, can the manufacturer be held liable? Yes! Now can you imagine if a software publisher had to pay restitution to customers every ti
Re: (Score:2)
Re: (Score:2)
Talk about glasses being half full (Score:2)
Really? 1 in 3? That's the most optimistic statement I've heard in a month, and that includes a 5 year old's wish list.
This morning, I'm lamenting the issues I'm having with flash video on AMD-64 Ubuntu 8.10... then I read the story of the latest "Worm on Windows"(tm) and thought "thank fsck I am using Linux".
Yeah, I know that abbreviates to WoW... so what? I don't play games.
Re: (Score:2)
You could always play WoG instead.
Re: (Score:2)
If you follow the directions for copying the files to the specific .mozilla folder of your home directory... Flash 64 works great. At least it does for me. I have yet to witness a crash, but I do get some tearing in full screen.
Re: (Score:2)
Well, it 'works' if you call it that. It seems like the buffering is done on some other machine... in India or something. I can download with flashgot etc. and all plays fine. For some reason the buffering SUCKS. Also, not all flash plays. If anyone has really good links for help, it would be appreciated. I'm not finding the bestest latest greatest tutorials on this.
Turn off rpc? (Score:2)
I'm not a huge Windows user, but I know you can turn off the rpc service via msconfig. Why don't more companies do this? Or is it needed for certain things, like maybe Exchange? I confess my ignorance here.
Re: (Score:3, Informative)
Killing the RPC service effectively kills the computer. Pretty much everything is dependent on it.
It's basically like running in safe mode, but without the "Safe Mode" in the corner of the screen, and with more stuff that doesn't work.
Like the Event Viewer. You can't even see the list of events in the viewer if the RPC service isn't running.
It's ugly. Don't do it.
Re: (Score:3, Informative)
Although I do use and support Windows every day, I don't claim to be an expert on the Windows services and the apps that need them....
But yes, I *do* believe you need to leave the RPC service running in most circumstances. The fact it is called "remote" doesn't imply it only relates to remote computers on a network. Rather, it means separate program modules, even running on the SAME machine. Service Pack 2 for XP turns it on by default, and even grays out the option to disable it - which is a strong hint
Re: (Score:2)
Interesting, thanks for looking that up.
Re: (Score:2)
Conflicker? How about Sasser? (Score:2)
Remember it? I know, over 4 years now, but it's still pounding at my firewall.
And anyone is wondering that 1/3 of the machines running Windows are still unpatched for a threat that's not even half a year old? I'd rather wonder if it's the same 1/3 of machines that pound against my door trying to sell me Sasser and Mydoom.
Not patched, not worried (Score:2)
As I've said many times, patches are nowhere near as high a concern if you lock things down in the first place, and Microsoft do provide some pretty good tools for doing that in Windows (namely Group Policy).
Our protection against viruses is pretty thorough, and we've not had a sniff of an infection in 3+ years:
- All of our machines have filtered access to the outside world
- Staff can only visit work related sites during working hours (enforced at the firewall)
- No website can run any kind of script unless
Re: (Score:2)
That is a example of a fairly good security policy, however if someone really wishes to own your network they will.
Re: (Score:2)
Yup, that's why I want to improve our backups.
However, we're pretty low key, and I don't think I've annoyed anybody that much yet :-)
Re: (Score:3, Insightful)
lol, trust me, it would take a lot longer to get this network working under linux than windows, and that's before you count the couple of dozen specialist apps that simply don't exist in Linux. Linux is good, but it really isn't the answer to everything. I'm not aware of anything that as easy to use and effective as group policy for securing computers and deploying software. I can rollout new versions of some of our apps to 100+ computers in under ten minutes of my time (and that includes the download!).
Re: (Score:2)
Yup, that'll be IT god power. Folks like me who need web access to do their job have it, but it's definately not the standard configuration. And we don't have any problems with productivity thanks, everything people need to perform their jobs is on their machines, tested and working, and because IT aren't constantly firefighting problems we can respond to requests quickly.
Locked down computers might not work for you, but for an awful lot of jobs they work just fine.
3 In 3 Windows PCs Still Vulnerable To Something (Score:3, Interesting)
Every single windows systems is vulnerable to something, it's just a matter of time until the right attack vector is tried.
If you use windows you will get some kind of malware sooner or later. If you are lucky this will be something relatively harmless. If you are unlucky you have already been sending personal and company data to organized crime groups for some time.
The big picture has not changed in many years. Windows is not fit to hold anything you don't want made public. Anti-virus software and firewalls are a band-aid not a fix.
Re:Weekly updates? Still not enough. (Score:5, Informative)
Have you ever tried managing 17,000 desktops? No, didn't think so.
Most large corps run WSUS, with updates on a weekly schedule, at most. To do otherwise would cripple the network, or require such an investment in equipment and manpower as to be nearly impossible to pull off.
Having said that, most large companies also have a mechanism for quick-release of highly critical patches. I know we rolled out the MS08-067 patch to our desktops immediately, and had a 98% acceptance rate within 3 days.
Re: (Score:2)
Re:Weekly updates? Still not enough. (Score:4, Insightful)
In really big shops the bottleneck is usually testing patches against a zillion weird|old|crazy applications that someone, somewhere absolutely needs.
Re: (Score:2)
Sure, I'll just run out to the 40 or so client sites within a 75 mile radius that all my employees are working onsite at, and double check their laptops. Then, I'll go visit the employees that are working at home. Of course, I'll drive the two hours to our remote office, to check all desktops and laptops there... I'll get right on that...
Weekly updates is more than good enough. MS Only pushes updates out Monthly anyways. If they do occasional do an out of order patch, I make it a higher priority. Thi
Re: (Score:2)
Re: (Score:2)