I have to say i disagree completely with you on this when it comes to security fixes. I manage 250 clients, 30+ servers, and i update everything. Lately I have installed SUS to do the job. Over two years at this place, I have yet to se a problem caused by a security patch. I think that argument more often is an excuse to be lazy than a real life sitiuation. No offence. Hotfixes (not security fixes) and Service Packs I have had problems with, but that is another matter. But if things were as easy as you would hope, then the janitor could do this job, and we would all be serving BicMacs in a DriveTrough. Mvh Svein Arild -----Opprinnelig melding----- Fra: Berger, Gunnar [mailto:GBerger@xxxxxxxxxx] Sendt: 10. desember 2003 14:59 Til: windows2000@xxxxxxxxxxxxx Emne: [windows2000] Re: SV: Re: Discussion: Microsoft to release patches once per month My complaint is that M$ patches normally end up doing more harm then good. I end up having to run a test environment on the patch, once I determine it is safe to run. I send it out to my users and then they figured out what I missed and the entire system is screwed because M$ did something. On one hand you closed a security hole that some virus would attack, on the other hand running updates tend to add new bugs into the system. I know SP4 isn't a patch but it is the same principle. M$ tells me I need to get to SP4 to fix some security hole I had, I upgrade hole it patched but my entire system is screwed because SP4 messes up TS. Now I have a lot of ticked off users, but I will say at least the system was running, pre-SP4 the system was completely down. Does anyone ever wish they we were out of a job because M$ would make a product that works? Gunnar -----Original Message----- From: Neil Bullock [mailto:n.bullock@xxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, December 10, 2003 4:14 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: SV: Re: Discussion: Microsoft to release patches once per month Svein Arild Haugum wrote: > I solved the laptop problem by doing: > I made an OU for Laptop Computers in AD. > Created a GPO wich installed the AutoUpdate klient, made the > AutoUpdate service autostart, turned of software install warnings. > Then i importet the WindowsUpdate template into the policy, and > configured the laptops to automaticly download and install updates > from WindowsUpdate (web). I'll play about with this and see what I can get going. The problem is people don't connect their laptops to the network that often, and many of them don't use the internet at home (or elsewhere). > "I think maybe they should release the patches as and when they are > available, but send out a mail summarising patch releases every > month." > I dont agree with this, this would give people who are die hard > security focused a better option, and hackers better options, since > they can find bugs up to a month before regular people even hear > about them. So once a patch is ready they MUST tell everyone, or keep > it quiet. That's true enough. Didn't think about that :) It is a dilemma - releasing patches regularly makes people complain about being overloaded with patches, and releasing them on a schedule makes people complain that major problems will go unpatched for a month. I wonder what would happen if someone discovered a vulnerability and exploited it on the scale of Blaster - surely Microsoft wouldn't wait for a month before patching the problem.. -- Neil Bullock, ICT Technician. Brayton College, Doncaster Road, Selby, North Yorkshire, YO8 9QS Tel: 01757 707731; Fax: 01757 213389 ******************************************************** This Weeks Sponsor SeamlessPlanet.com Register your domain name for as low as $7.75 per year! Cheaper than Godaddy..same great service! http://SeamlessPlanet.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ******************************************************** This Weeks Sponsor SeamlessPlanet.com Register your domain name for as low as $7.75 per year! Cheaper than Godaddy..same great service! http://SeamlessPlanet.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor SeamlessPlanet.com Register your domain name for as low as $7.75 per year! Cheaper than Godaddy..same great service! http://SeamlessPlanet.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm