Microsoft Users Upset With 'Security Updates'
Posted by configure on 24 December 2002 - 11:20 · 4 comments & 740 views
About the Author
Full name: Unknown
Forum name:
configure
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
configureContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
#1 Posted by Tom Servo on 24 Dec 2002 - 12:42
- [quote]One user with extensive security training, who asked not to be named, said she recently installed Windows 2000 Service Pack 3, which includes security fixes. The installation destroyed her network connection, forcing her to uninstall the service pack and leaving that machine exposed to the vulnerabilities the update should have fixed.[/quote] Yeah right. It's always these extensively trained people who have the most problems. Pffft.
-
#2 Posted by shanemca on 24 Dec 2002 - 12:51
- Perhaps the lady who has been trained "extensively" in security, should go out and get some basic training in networks and troubleshooting problems. Or perhaps she should simply go out and get a clue. As for the people running old software, that's their fault. If they cannot afford newer software, or don't want to run it, then that's their choice, but they shouldn't complain when Microsoft will no longer support it. As for IE 5.5, unless I'm mistaken, Microsoft still do support it. Microsoft don't just release security updates and patches through these automated tools. Go to the Microsoft Downloads page, it has some 3/4's of patches that get released. Many others are available on TechNet and Security pages. The only one's that generally you can't get elsewhere are ones like Movie Maker Updates and such. The only thing in that article I remotely agree with is Outlook 2002's security structure. I have gotten around it using the registry edit, others can use the various addin's if they want, but Microsoft really should have made a tab in advanced options inbuilt in it. Poor design choice.
-
#3 Posted by kioria on 25 Dec 2002 - 03:35
- you rather jaguar os x 10.2 - no security fixes, with ten of thousands of vulnerabilities, or microsoft windows xp/2000 with - security fixes, and ten of thousands of vulnerabilities reduced to just few hundreds? i'll go with microsoft.
-
#4 Posted by kioria on 25 Dec 2002 - 03:35
- even linux and beOS and unix. same as mac.
Users contacted by eWeek last week reported various technical problems with Microsoft's automated services that let customers download and install patches for applications such as Internet Explorer 5.5 or Windows NT 4.0. They also said that when they contacted Microsoft support personnel, they were told that the software they were running was outdated. The solution: Upgrade to a more recent, more secure version.
One user with extensive security training, who asked not to be named, said she recently installed Windows 2000 Service Pack 3, which includes security fixes. The installation destroyed her network connection, forcing her to uninstall the service pack and leaving that machine exposed to the vulnerabilities the update should have fixed.
Others say that the combination of problems with Windows Update and other such services, along with Microsoft's decision to release some of its patches solely through these automated tools, have led them to dispense with installing some fixes altogether.
Although Microsoft has agreed as part of its consent decree with the Department of Justice to continue to provide support and updates for its older products, the users say the company seems to be penalizing customers who use legacy applications by making it difficult for them to obtain patches.
"More and more security hot fixes seem only to be available via Windows Update. We use [St. Bernard Software Inc.'s] UpdateExpert for patch management, and now some of the hot fixes can't be directly downloaded by the tool," said Doug Wyatt, systems administrator at Kohlman Systems Research Inc., in Lawrence, Kan. "Then there are the apparently intentional difficulties in manually obtaining NT 4.0 patches for use when you don't have a hot-fix management tool running on Windows 2000. Do you suppose Microsoft wants to help me decide to upgrade from NT 4.0 to XP?"
Microsoft's Trustworthy Computing initiative has included security reviews of the code in many of its products. As a result, those current and forthcoming applications are being hardened and made more secure than prior versions.
Microsoft officials said the company encourages customers to upgrade to Windows XP and IE 6.0, among other applications, but denied that it is pressuring customers to do so.
"Certainly NT 4.0 and IE 5.5 are still under support," said Steve Lipner, director of security assurance at Microsoft, in Redmond, Wash. "Would I prefer that as many customers as possible be on IE 6 from a security standpoint? Yes. And we've done more with XP than we did with NT as far as security is concerned."
But Patrick Flannigan, an IT administrator at CFS Mortgage Corp., in Phoenix, said Microsoft's decision to emphasize security over functionality has made even Microsoft Outlook 2002 useless in his company.
"The average end user has no choice but to accept Microsoft's decision as to what they can or cannot download," Flannigan said. "I don't believe I'll ever be able to trust them again with patches ... only applying them if I feel they won't affect my existing software."