Dvorak on patching

John Dvorak has a rant on patching and the state of IE that contains a statement that is, in my opinion, somewhat misleading. Speaking of this week’s announcement of 10 security updates for Windows and IE, Dvorak said:

It would be nice if there were more options than patching software, but unless you are willing to get a Macintosh or run a Linux computer you are just going to have to patch your machine over and over, probably weekly. And these patches are almost always necessary.

I sincerely hope that Dvorak isn’t suggesting that Mac and Linux users don’t need to patch their machines. In fact, perusing the archives of the SANS.org @Risk security newsletter makes it clear that there are plenty of vulnerabilities being found in Linux, Mac OS X, and other *nix operating systems.

I can certainly sympathize with Dvorak’s point about the pain of keeping up with patches, but I don’t think it helps anyone to suggest that this is a Windows-only problem. There’s no such thing as an operating system that doesn’t require patches. What’s important is trying to make it easier for users to keep their machines up-to-date. Windows XP Service Pack 2 is an important step in the right direction on that front. It’s true that there have been some compatibility issues with SP2, and hopefully we’ll be able to resolve those. But it also includes a number of changes that can help preemptively prevent vulnerabilities from being exploited. It also strongly recommends that users enable automatic updates, which can greatly simplify the process of keeping a computer updated for end users.

Dvorak is right to keep the heat on Microsoft on security…not because I think the company I work for is doing a bad job…but because the more pressure that’s applied, the better when it comes to security. Where I disagree with Dvorak is his presenting a misleading picture of other operating systems as not requiring regular patching. It’s not true, and he does a disservice to his readers by leaving that impression. I’m all for pushing hard on security…I’d just like it to be fair and accurate.

Comments (5)

  1. Doug Lawty says:

    Good points.

    The other thing I noticed about Dvorak’s article is that he refers to "patch Tuesday" and applying patches weekly. He doesn’t seem to recognize that Microsoft doesn’t actually release patches every Tuesday but only the second Tuesday of the month. Ten patches a month is a lot better than ten patches a week!

    See also:


  2. Brendan says:

    It sounds like Dvorak hasn’t installed a piece of Linux software from source lately.

    Too often during the configure you find out that one or two components you have installed need to be updated, and in doing so they too are likely to require newer versions of even more.

    At least with a Microsoft patch, you have the idea beaten into you that you need to patch in order to remain up to date and secure… under Linux, I have yet to run into a justification for so many applications requiring the very latest versions of different components.

  3. Marc says:

    Dvorak has a point regarding quality. When patches are released, they should work. Not partially, but always. My primary development PC is offline due to the patches that were released on 10/13. It’s hanging at the Initializing installation prompt and no one at Microsoft has been able to help.

    This is the first time I’ve had a problem with a patch, but I now understand why other users have expressed extreme frustration with the process. If patches are going to be released and deemed critical, they should be of the highest quality, tested thoroughly and supported promptly. Right now, the call queue for the Windows Update group is between 1 and 3 days.

  4. Nigel says:

    reply to Marc 10/14/2004 10:57 entry

    I had same thing "Initializing Installation…" does nothing for a very long time….

    To see if it’s actually the same thing, can you go to My Computer, Properties, and tell me if you have a System Restore tab? You should if you are an administrator of your PC. I am, and I didn’t! Something since SP2 (and I don’t think it was SP2 itself) clobbered it.

    My solution.


    Then reboot and check My Computer / Properties again. In my case System Restore had returned. Since I figured it was probably shagged in any case, I then disabled it on all drives.

    Then I remembered in the Inupdate log file the Initializing Installation.. phase started by setting a "System Restore Point". Ha!

    Now that System Restore on my PC was disabled, I tried the update, and bingo! All installed OK.

    Hope this helps

    Incidentally, I entered a support request with Microsoft and they have only just said they are dealing with it. I worked this out in the meantime. It’s NOT a solution, but for me it more or less says the problem is not WinUpdate itself.


  5. PDR says:

    Well done N !! I had same problem with hanging on "Initializing installation …".

    I tried uninstalling SP2 and re-installing but no effect. Then I found your suggestion with SFC /SCANNOW and disabling the System Restore utility. It worked a treat. Updates now working again. Brill !! Thanks.