How to keep your Microsoft software secure
I think it's irresponsible of Microsoft to make finding out about and installing software patches so hard. When you consider the huge number of people using Internet Explorer and other Microsoft apps, the amount of damage that could be caused to both individual systems and corporate servers is great.
I don't think software makers should automatically push updates to your computer--you should be able to find out what a patch will do to your system before you install it. But Microsoft could do a much better job of notifying the public when new security updates are available and make it easier to find detailed information about these flaws.
Case in point: If, as I did, you go looking for information about the IE patch on the Windows Update site, you'll be disappointed. The site briefly scanned my test system, and reported that no IE updates have been installed on it since last September.
But the Update site failed to mention the latest security update. I was, however, reminded to download updates from between September 2002 and February 2003--which sounded pretty out-of-date.
[ Read more ]
- News: Patching is the problem, says Microsoft (1 May 2003)
- News: Security holes: patch and pray? (9 April 2003)
- News: The Case of Slammer and the Broken Patching Process (30 January 2003)
- News: Microsoft's Patching Problem (18 December 2002)
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.