Microsoft's Patch Dilemma - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
Commentary
10/18/2005
11:30 AM
David  DeJean
David DeJean
Commentary
50%
50%

Microsoft's Patch Dilemma

Microsoft wants you to know it's making progress on the security of its software. It's feeling so comfortable, in fact, that last Thursday and Friday it held a meeting in Redmond and invited several security consultants to critique its performance. Unfortunately, the PR value of the "Blue Hat" (the consultants aren't black hats -- the bad guys -- nor are they necessarily white hats -- the good guys, get it?) session was undercut by problems in Microsoft's most recent set of patches to fix secur

Microsoft wants you to know it's making progress on the security of its software. It's feeling so comfortable, in fact, that last Thursday and Friday it held a meeting in Redmond and invited several security consultants to critique its performance.

Unfortunately, the PR value of the "Blue Hat" (the consultants aren't black hats -- the bad guys -- nor are they necessarily white hats -- the good guys, get it?) session was undercut by problems in Microsoft's most recent set of patches to fix security vulnerabilities in its products, released last Tuesday.Microsoft was feeling so comfortable, in fact, that it invited The New York Times' Jon Markoff to the meeting. Markoff wrote a favorable story in Monday's Times (you can read it here, if you got a user account) that included a lot of statistics, obviously provided by Microsoft, on how the quantities of security bulletins issued for its products, have fallen over the past year or so.

But at the same time, the company was admitting that it's patch for a Windows OS vulnerability was causing problems. The bug seems to affect only systems that have changed the default permission settings of the COM+ files, a group that probably doesn't include most of us. There were also reports of problems with the behavior of Internet Explorer after Tuesday's patches were installed. (Microsoft hasn't yet decided whether this is a buggy patch or not.)

There are a couple of problems here. The first, and most obvious, is that it doesn't really matter if Microsoft is giving the bad guys fewer ways to break users' systems if Microsoft itself is finding new and creative ways of breaking users' systems.

The more serious problem is that if Microsoft's security patches develop a reputation for causing as many problems as they fix, then users won't apply them.

It doesn't really matter that the Windows problem seems to be an obscure, hard-to-test-for bug. It's the perception of users, reduced to a simple equation, Patches=Problems, that Microsoft has to fight against. It's got to test thoroughly, yet fix problems expeditiously. It's a dilemma with few right answers except "Communicate, communicate, communicate." To it's credit, that seems to be what Microsoft has been doing. It's talking, openly admitting to problems, and listening to critics like the "Blue Hats." And that -- far more than trying to use quantities to spin what is really a quality issue -- really is progress.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll