OT: MS Security not centralized at all
Indeed, at least they are on there web sites ;)
----- Forwarded message from WNT Mag Security UPDATE <securityupdate@list.winntmag.com> -----
X-MsgID: 20010
X-ListID: 1374
Date: Wed, 13 Oct 1999 15:30:40 -0600
Errors-To: securityupdate@list.winntmag.com
To: WNT Mag Security UPDATE
<securityupdate@list.winntmag.com>
From: WNT Mag Security UPDATE
<securityupdate@list.winntmag.com>
Subject: WinNTMag Security UPDATE October 13, 1999
**********************************************************
WINDOWS NT MAGAZINE SECURITY UPDATE
The weekly Windows NT security update newsletter
http://www.winntmag.com/update/
**********************************************************
[snip]
1. FROM THE EDITOR ==========
Hello everyone,
I'm getting weary of looking in a dozen or more locations for the
patches I need to keep my Windows NT systems up to date. As you know,
Microsoft locates patches in various directories on its FTP site and in
various locations on its Web sites. As an example of the
disorganization we have to tolerate, Microsoft has released numerous
patches for Internet Explorer (IE); those patches all apply to the same
application, yet the company has scattered them in different locations,
making the patches incredibly difficult to track down. The same
situation exists for various BackOffice components and other Microsoft
software.
I've illustrated one example of my frustration in this issue of
Security UPDATE. Microsoft recently released a new patch for IE 5.0.
Evidently, somebody at Microsoft decided to hide the patch on a Web
server, even though one of the last patches I had to load for IE 5.0
was on an FTP site.
I don't know about you, but I can't understand why Microsoft can't
locate fixes in a central location on an FTP site where we can readily
find them when we need them? Why must each group within Microsoft make
its own decisions about where to store patches?
I was so frustrated by this problem earlier this year that I took 2
days to write an Active Server Pages (ASP)-based application that
checks the different patches locations to see if they contain any new
fixes. You too can use this application by visiting my Web site
(http://www.ntsecurity.net) and clicking the Hotfix Hotlist link on the
home page. But even with this application, I can't keep up! Why?
Because Microsoft keeps coming up with more diverse ways to hide
patches. I say hide because that's how I feel we're being treated with
the disorganization of patch locations.
I'd like to see Microsoft place all patches on its FTP site in some
reasonable hierarchical structure. FTP works much better with
automation tools (such as SPQuery or my Hotfix Hotlist page) than a Web
site does. However, I wouldn't mind seeing the same fixes on a Web
site, as long as I can still find them on an FTP server organized in a
reasonable fashion.
How difficult can organizing a moderate number of patch files be?
Not very difficult if you ask me. So I fail to see why Microsoft hasn't
taken this initiative. I've expressed this concern to Microsoft on more
than one occasion, and I'm sure many of you have also expressed this
same concern. Perhaps someone at Microsoft will read this and get the
ball rolling. But then again, perhaps not. Until next time, have a
great week.
Sincerely,
Mark Joseph Edwards, News Editor
mark@ntsecurity.net
[snip]
|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
Copyright 1999, Windows NT Magazine
----- End forwarded message -----
--
------------------------------------------------------------------------
Fabien Ninoles Chevalier servant de la Dame Catherine des Rosiers
aka Corbeau aka le Veneur Gris Debian GNU/Linux maintainer
E-mail: fab@tzone.org
WebPage: http://www.tzone.org/~fabien
RSA PGP KEY [E3723845]: 1C C1 4F A6 EE E5 4D 99 4F 80 2D 2D 1F 85 C1 70
------------------------------------------------------------------------
Reply to: