Do security updates really matter?

Status
Not open for further replies.

Phantasm66

In these days of massive service pack downloads, constant security warnings and dozens of security problems found with IE and Windows, one can often wonder... Does it really matter to me?

Sitting all alone, bothering no one with your little computer and internet connection, are you really going to be hacked into? Does it really matter? Do we really have to engage in this constant process of keeping up to date with patches, virus and firewall updates?

Yes, yes you do. You certainly do. And why? Well because, an unpatched PC can be compromised in 20 minutes, that's why.
 
The university where I work (and went to school at) will stop your network usage (file shares as well as internet) if you become infected with MyDoom and other viruses. You are not allowed back on until it's proven you are clean.
 
Every person with an internet connection, especially an always-on broadband connection, has a responsibility to keep their systems up to date as best they can. Unpatched end/home user PCs are many times the beginning of these widespread infections that end up costing millions of dollars for businesses and impact our economy in more ways than we think. I can't count how many times I see my users' systems have been the target of infections originated through email coming from outside friends and family, most of whom don't even know they are infected.

Let's face it, there is a monoculture in the OS arena. We all end up paying the price whenever a new worm comes out, one way or the other, whether you yourself become infected or a company whose services you pay for becomes infected because of end users not keeping up with their updates.

Also, the fact that there are so many XP Home machines out there with the insane raw sockets implementation MS decided to include on an OS where all users are admins makes it all worse.

However, users are not the only ones to blame. I mean, let's face it, by the time MS releases these patches it is already too late. It does prevent future infections, but come on, the RPC patch came out on what, April 2004, when the worm was reported to MS in October 2003? That is the beauty of Linux... crap gets fixed right away because of the strong backing of its users.

I am all for legislation to force both end users and businesses to comply. Computers are not a commodity anymore, they are a necessity and a critical part of everyday business. The government must pass legislation with hefty penalties for those who don't comply. Part of this legislation must also enforce compliance for software companies to do a better job keeping up with patches and releasing them in a timely manner.
 
The main problem now is the easiness of getting a PC and connecting to the net. I mean, anyone can buy a cheap PC from Walmart, Best Buy and other stores like that. Those PCs aren't patched, and the people that sell them don't even know what they're talking about. So it doesn't take long before the customer comes back home, gets on the net and is infected by Sasser and Blaster. Then he calls back saying the computer is broken. They'll fix it and give it back without explaining what happened and how to prevent it. Prevention and explaining what not to do would be the best thing, but it takes time. Time that the sales guy doesn't want to waste, and he knows that he'll lose money if they don't come back with another virus.

It will only get worse
 
Actually I think M$ do a fine and dandy job. Let's face it, when a vulnerability becomes publicly known (and let's say it's the first time MS hears about it also) they break their backs trying to fix it. Just look at Windowsupdate and see how many patches there are out compared to the security reports of holes in the software. I think you'll find a lot more. M$ don't tell you about a problem until they have a fix for it. They are only caught with their pants down when someone sees something they didn't. Even Mozilla Firefox is the same... patch after patch because they are testing it over and over for security vulnerabilities.
 
Most of the fixes in Windowsupdate and Firefox are for bugs, not vulnerabilities. And patch after patch to improve something constantly is much better than a huge service pack every couple of years.

And the fact that MS is trying hard does not justify the long patch release cycles. And the sheer complexity of Windows is not an excuse either. They wrote the thing and they are responsible for making it simple to patch.
 