[Dshield] Microsoft patches

Portz, Jon jportz at kforce.com
Mon Oct 20 19:08:55 GMT 2003


Just of curiosity, how did your XP machines weather the botched patch that
cut system performance by like, half? Or NT 4.0 SP6a - Win2K SP3 mysterious
reboots post the plethora of MSRPC/DCOM patch debacle? 

My personal experience from assisting our systems folks is that M$ rarley
gets it right. Don't get me wrong, it's not really their fault, how can they
be expected to release a patch that is all encompassing and does not break
ANY applicational functionality. 

I guess my point is this, if you are in an environment that has very
specific role-definitions for production systems, then your chances of
running into conflicts durring patch-time are incredibly reduced (on any
platform, not just M$). Unfortunately, and I have been guilty of this as
well, a lot of engineers, architects, managers, etc. make the determination
that it is perfectly ok to consolidate a File/Print server with a DB, Web,
or "Insert Production App Here" ad nauseum...

Better enterprise archtecting leads to smoother long-term maintenance.
 
Jon Portz
Network Security Geek

-----Original Message-----
From: Bob Savage [mailto:bsavage at rnr-inc.com] 
Sent: Monday, October 20, 2003 12:43 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Microsoft patches

Your advice is noted and appreciated, and I've seen it often on this list,
but I guess this was my point in the original post.  I do understand that
many people have the problems you describe.  However, we've never, ever, had
any problems with Microsoft patches.  Never.  Our network is small, simple,
and uncluttered, and that we do keep up with patches and updates of all
kinds.  Other than that I'm not sure what the difference is.

Bob Savage
Another "IT Manager"


-----Original Message-----
From: IT Manager [mailto:ITmanager at rjl-pensions.com]
Sent: Monday, October 20, 2003 11:04 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Microsoft patches


Just some advice if you dont already know this..

Installing the patches automatically is sometimes not a good idea. You might
want to install the patches on your machine first or on a test machine just
to make sure that they do not interfere with your programs, there is nothing
worse than installing a patch and then not being able to boot up all the
computers because one of the patches "fixed" something that you didn't want
it to.

just some advice.



-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of David Klotz
Sent: Monday, October 20, 2003 11:06 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Microsoft patches


I also run a fairly small, reasonably uncomplicated network (about 20
desktop Widows XP boxen, a couple Red Hats, and one OS X Macintosh).  I
had most of the Windows machines set to "Download but don't install".
While doing some work on one of the machines I noticed that about 2
months worth of patches had been waiting in the queue.  That was point
where I set everyone to "Download and install automatically".  So far
I've had no problems (knock wood).


-dk




> -----Original Message-----
> From: list-bounces at dshield.org
> [mailto:list-bounces at dshield.org] On Behalf Of Bob Savage
> Sent: Monday, October 20, 2003 8:51 AM
> To: General DShield Discussion List
> Subject: [Dshield] Microsoft patches
>
>
> First a disclaimer!
>
> <snip>

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.528 / Virus Database: 324 - Release Date: 10/16/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.528 / Virus Database: 324 - Release Date: 10/16/2003

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list