-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
____/ Richard Rasker on Sunday 14 December 2008 16:22 : \____
> I guess it's just been Patch Tuesday again -- as no less than four people I
> know contacted me in the past few days about their Microsoft crapware
> having succumbed once again to some Trojan or other, and several more
> complaining about their machines having become even slower than usual all
> of a sudden ... From what they told me, it was a simple matter of
> "click-oops" in all cases, and they were all using up-to-date antivirus
> software.
> Is there something out there affecting over lots of Windows machines right
> now? If so, I think I'll reserve a little more time the next few days for
> extra Linux installs (with two new installs scheduled for tomorrow alone).
>
> Perhaps we should rename "Windows Patch Tuesday" to "Linux Install
> Wednesday" ...
>
> Richard Rasker
Isn't there a "zero-day Wednesday"? One day after the patches arrive a new
0-day is usually scheduled to surface in the form of attacks that make
botnets.
Here's how the cycle goes:
1. Many flaws get reported, accumulated, and then mostly ignored
2. Attacks on the unpatched flaws begin, so Microsoft ‘kindly’ bothers to
work on patches in a rush
3. Patch Tuesday arrives and Microsoft delivers a slew of patches
(occasionally delivering nothing critical for bragging rights in the press,
only to deliver a massive number of critical patches the following month, i.e.
deferral)
4. Patches arrive too late, after many servers and desktop have already been
hijacked
5. A number of zero-day flaws emerge, some of which exploiting
vulnerabilities Microsoft has been aware of for a long time
6. Patches turn out to be dysfunctional and consequently many computers are
left out of services
7. Microsoft reworks the patches and then delivers a patch to the broken
patches
8. Repeat (1)
[ http://boycottnovell.com/2008/12/11/microsoft-patch-cycle/ ]
- --
~~ Best of wishes
Roy S. Schestowitz | Here be hills, there be dragons!
http://Schestowitz.com | RHAT Linux | PGP-Key: 0x74572E8E
19:20:01 up 60 days, 3:38, 2 users, load average: 1.70, 1.45, 1.15
http://iuron.com - Open Source knowledge engine project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklFXY4ACgkQU4xAY3RXLo5PLgCfUG31Piz9BtUG92Z8xSrAOphQ
wNEAn1YC7n6XcpRJkfJs+RrXeIqdIrRX
=AQdj
-----END PGP SIGNATURE-----
|
|