OMG! View is amazing....

I might just forget about work when i see this type of view everyday... :)

To be honest: We got no other choice than to play Russian Roulette with our Systems - and the Systems of our Customers.

Everytime I patch my System at work there are problems I'm facing when trying to get back to work. So I'm in delay with patches about half a year.

Our customers about 1 year or more. With the last update of our Software we shipped a Link to the official MS Security Rollup for MS Win2k SP4 - we were facing following problems afterwards:

1) Customers were just not sane what to do and how this would affect the system. Well no problem so far, tech-support resolved it.

2) System hung in boot-loops not only single systems, but the most. We had to work on this for weeks, til every System ran normal again.

3) Some Systems even crash(ed) unreasonable, we're still working on configurations here - and still means: Our update shipped middle of Novembre.

I see the relevance of security patches, and am kinda paranoid myself, so I try to hold my systems up to date - BUT: It's nearly impossible. I can't tell our customers "there's a new security patch, we faced no problems installing it, but most probably you will." And I can't tell them "There'll be no problems" since they'll make me responsible for upcoming errors.

We are not able to apply patches by time since we got no guarantee they work properly and we are in debt to get systems secure - so much for Russian Roulette - thanks a lot for calling us dumbasses.

Oh and for "Windows NT", it's a good tip to get more actual systems, but it's also a question of the possibility for the companys. We needed to cancle NT support for our software partal with the last update, since some libs are using the .NET Framework 2 SP1, the same customers which want - and NEED security called to ask if there was no way using our software on NT Boxes, since the got no time oder money to replace them - or they just don't trust 2k or XP Systems, since they are facing problems after problems on single 2k or XP boxes.

Now tell me what to tell them?

"Sure thing, there will be no problem if you change und it's your problem if you don't what do I care?" Sounds like we're gonna lose them...

Sorry, but what is about:

1. Writing a Package Management System that can cleanly resolve dependencies?

In May Debian/Ubuntu had a security hole with a similar severity (http://www.ubuntu.com/usn/usn-612-2) and all everbody had to do was to type "apt-get install openssh-client openssh-server" and the problem was fixed. Not only was it fixed, you could be 100% sure that it won't have any site effects on other services you where running on your box.

I'm using Windows since the days of memmaker and 620 KB of free RAM and applying Microsoft Hotfixes and Service Packs still feels like shutting your eyes while driving a car on a motorway.

Yes, you can do some advance checking. Yes, you don't have to close your eyes very long. But if something hits you in-between you are in real trouble.

And once you have experienced things like a "simple" service pack installation on your central Exchange Server end up roasting the device driver for your RAID controller (ever tried to uninstall a service pack from an six disk RAID-Array you can't access?). You tend to get very, very cautionary in applying any updates at all.  

First:

Okay, I'm sorry for the "dumbasses" I see your point, just the "Russian Roulette" made me kinda angry, because I feel like a dumbass, if someone tells me that I'm accepting a risk like that without thinking about it.

2. It was no critic specific to MS, i just picked MS products since I'm working with them and am facing these Problems with MS products.

3. I totally agree with you but this doesn't make every customer agree with you, and that's the ppl that I have to serve.  Even if everything inside me tells me I can't help them if they don't accept my help or are willing to do the simplest things to get their systems secure and/or up to date.

4. Just a few words to NT: Many customers think "Never touch a running system" and NT works fine for them. They fear to be confronted with problems they - or we can't solve when changing their system. Even now since the update I spoke of, many ppl are NOT willing to change their Boxes to XP Boxes even if we tell them it would be best.

So, question again: What should - or could - I do? I've got to wait til the last decides to change. If he won't I have to accept that he "drives a 1920s vehicle". I've gotta hope that the end users lose the fear of changing their system. But I can't do anything than wait and tell them "when applying this patch there are no problems known to me, but this doesn't mean there are none".

No, i will not make an update. I will be in the news.

Roger - can a PC patched with MS08-067 saftey patch still be attacked and infected by Conficker or any mutants in a company network?

Fortunately, I do not have such problems. The only notebook I use is an iBook G4.

Thank you, Roger,

I am just a simple user who never had any problems with viruses, worms etc using the Mac. No reason to get sarcastic or upset and I do not want to open the stupid Mac-PC discussion.

One reason for my concern - our company has just shut down the whole network and I just wanted to ask if patched PCs could also catch the worm. You answered the question - yes - only one unpatched PC in a network is enough to spread the infection in the network. Really frightening though! Kind regards

Ende Oktober hat Microsoft eine außerplanmäßige Sicherheits-Aktualisierung veröffentlicht. Siehe dazu

Look, your company distributed software that has a security problem. So it has to bear the consequences and deliver the support. I would expect Microsoft to go to customers and help them to install the software as it is their fault, your company delivered broken software.

Why do customers have to roll out patches? Why do companies and European citizens have to invest their man-hours to fix what you broke! How are the compensated?

"Microsoft recommends that customers apply the update immediately."

Oh, nice attitude, go an fix your stuff as we said in bullettin message PBFX #1038478. As if it was our fault!

Who was fired and slain by your company for letting it happen? Did your company express its regret for delivering defect software? No, you rather insult your customers:

"Account Lockouts all over the place, admin passwords that were grabbed (often the Domain Admins) etc – and we had some really upset engineers as they had to work instead of having off because some customers were not up to their duty (and this is what it is for me!)."

Oh yes, you delivered defect software! You were paid for support! So don't complain! Go and fix the mess.

Andy, you must realize that Microsoft does indeed "help them to install the software".  It is called Windows Update.