Microsoft ponders automatic patching

Free Newsletters

Log-in | Register

Microsoft ponders automatic patching Getting users to secure computers becomes higher priority
By Joris Evers, IDG News Service August 22, 2003			E-mail Printer Friendly Reprints Slashdot It!

In the wake of a widespread Internet worm, Microsoft Corp. is weighing options to get more users to secure their computers, including automatically applying security patches to PCs remotely, the company said Thursday.

Free IT resource

Hear how top CIOs turn change into a competitive advantage.

Sponsored by InfoWorld

"We are looking at a range of options to get critical updates on more systems, from finding ways to encourage more people to keep their systems up to date themselves to where it is done automatically by default for certain users," said Matt Pilla, senior product manager for Windows at Microsoft.

Microsoft does not plan any immediate changes to the way it delivers security patches, but the company also does not intend to wait until the release of its next operating system to improve it, said Pilla.

"This is a priority for us. I think there are a lot of things we can do during the Windows XP time frame to help people make their PCs more secure," he said. The successor to Windows XP, code-named Longhorn, is expected to be out in 2005 or 2006.

Microsoft currently delivers software patches through its Windows Update Web site and through update software in Windows XP, Windows 2000 and Windows Me. The software does not download and install patches by default, but asks a user to select from various options, including just alerts when an update is available.

"Giving the user the ability to control auto update is important to us," Pilla said. "One of the things we are working on is a balance between keeping systems up to date and giving users the control over their systems."

Microsoft on July 16 issued a "critical" security update that fixes a serious security vulnerability in Windows. The company urged customers to patch up. Many apparently ignored the warning, the Blaster worm that started spreading weeks later was able to infect hundreds of thousands of computers by taking advantage of the vulnerability.

Russ Cooper, surgeon general of TruSecure Corp. and moderator of the popular discussion list NTBugtraq, is one of the most outspoken critics of Windows Update. Nevertheless, he is all for automatically delivering security updates.

"I think it is a great idea, they should have done it ages ago," he said. "We will scrutinize the way they do it. I applaud them for willing to be put under such a microscope for something they believe the world does not trust them to do."

Microsoft has no choice, it has to take patching in its own hands, said Rob Enderle, principal analyst at Enderle Group in San Jose, California. "They absolutely have to create a program where patches are applied automatically," he said.

People worried about giving Microsoft control over their systems should weigh the alternative, Enderle said. "People really don't want to give Microsoft access, but if they don't then the patches don't get applied timely. It is about relatives, do folks trust Microsoft more than they trust a hacker?"

E-mail

Printer Friendly

Reprints

Slashdot It!

TOP NEWS:

» You don't know tech: The InfoWorld news quiz
Match your weekly tech news wits against our snarky quiz master

» Antitrust review of Google-Yahoo deal no surprise
While serious antitrust problems are unlikely, both Google and Yahoo expected their partnership to be subjected to instense DOJ scrutiny

» Top 10: Coreflood, more Microsoft-Yahoo, iPhone plans
This week's wrapup of the top tech news stories includes more Microsoft-Yahoo rumors, iPhone updates, Flash searches, Oracle's BEA roadmap, and more

» Four 'important' Microsoft patches due Tuesday
Not rated "critical," fixes apply to "Elevation of Privileges" and "spoofing" bugs for Windows, Exchange, and SQL

» Judge grants RIM a stay in Visto patent trial
Trial delayed from beginning next week while patent office studies validity of certain parts of e-mail provider Visto's patents as requested by RIM

» Developers satisfied with Apple's enterprise work
Mac developers feel that Apple shouldn't try to make a broad attempt to win over enterprises and should instead focus on certain areas within the enterprise

Remote Access: Maintain Security and Decrease the Burden on IT
Join this interactive webcast to discover how IT Managers can control access rights, end-user security settings and end-point authorization. Sponsor: Citrix(R) GoToMyPC(R) Corporate

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Going mobile with today's technology - Mobile applications are transforming how companies operate. With new ways to work flexibly, employees are becoming more ...
Measuring mobile productivity - Companies must be able to measure productivity gains from mobile working. Productivity is notoriously difficult to measure...
Thinking about IMS - IMS's increased flexibility and the potential it offers for new services will create a fundamental shift in the way that...
Agile Development: 5 Steps to Continuous Integration - As more and more organizations adopt agile development, the need for continuous integration of a build can be a daunting...
Leading Analysts: Pen Testing is a Requirement - In a newly-published case study, Gartner's John Pescatore, one of the most respected analysts covering the IT security market...
Get more from your Electronic Software Delivery investment - Electronic software delivery (ESD) offers software vendors the potential for significant business benefits. By enabling ...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. AT&T - Factors to consider when comparing DSL or Cable Cirba - Advanced Workload Analysis Techniques CA - Manage your IT more effectively. Efficient - Flexible - Compliant HP/Intel - If you don't have enough I/O, your VMs aren't going to go. Rackspace - Go Green Without Sacrificing Server Performance AT&T - Measuring mobile productivity AT&T - Thinking about IMS CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event AT&T - Going mobile with today's technology Cirba - Consolidating Workloads onto Mainframes AT&T - What to expect from a Technology Assessment. AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography		Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist