As expected, yesterday Microsoft rolled out five "critical" and three "important" patches for Windows Server 2008, Vista, Office, Internet Explorer and other software as part of its regularly scheduled Patch Tuesday release. The eight-patch rollout is significant in that Redmond has now released 25 fixes in the first four months of 2008 -- a pace well on track to exceed 2007's 69 security bulletins. St. Paul, Minn.-based Shavlik Technologies' Chief Technology Officer Eric Schultze cites today's release as a good news/bad news affair.
"All eight bulletins this month are client-side vulnerabilities. In other words, your system is safe unless a user logs in and opens documents, reads e-mail or visits an evil Web site on that computer. Systems where no one logs on and does this are safe," Schultze said. "[But] of the five OS-related vulnerabilities this month, four impact Vista and Windows Server 2008. This doesn't speak well for the debut of Windows Server 2008."
View: Microsoft Security Bulletin Summary for April 2008
News Source: Redmond Mag via MSFN

This is always a risky claim to make, and one security analysts still often make.
Operating System A has more vulnerability fixes than Operating System B.
Does that mean Operating System A is less secure?
This is actually hard to tell. It could just be that Operating System B is seeing less market impact with fewer bug reports coming from that, for example. Or maybe OS B simply has fewer active developers.
What the analysts should look at is not the number of security fixes, but the number of severe and still-open bugs. I'm not being defensive and saying Windows is faring well there, just that this is the more important statistic than what could otherwise just be thanks to an active and efficient security team at Microsoft. Fixing bugs frequently is a good thing. That something has many bugs is a bad thing. But then again, a lack of bug fixing is a poor indicator of few bugs in a product, at least when it's as complex as an entire operating system. Then many more factors can be contributing.
Last edited by Jugalator on 09 Apr 2008 - 10:53
9 patches for me including Outlook junk e-mail filter.
Serious Face
One of them was an update to that feature I think.
If Microsoft want to increase revenue they should buy ISPs - the bandwidth required to keep their OSes up to date guarantees largesse.
Though I understand your intention, this means nothing. All OSes have endless patches until they are no longer supported. If you are actually complaining about the volume ... really? Doesn't seem like many to me.
And 3-5 or so patches a month isn't that much, especially since some of these aren't just for the OS but for other apps like IE and Office.