Theory to prove: Patching sucks across the board

Eriq Neale said he was going to have fun with this so I’m beating him to the punch line. 


You see this is all the fault of the recent posts about Microsoft’s supposed stealth updates, changing of settings and what not, but it’s been building up for a while now.  We all joke about ‘evil Microsoft’ but it gets annoying when people don’t understand their systems to the point where they make claims that just aren’t true.  I write articles on patching for Brian Livingston’s WindowSecrets and over the last year there’s a steady amount of folks that don’t trust the patching. Claim that Microsoft is in there changing settings without their approval and just enough stuff about patch management that it documents both how little we understand of the patching system and how little Microsoft has externally documented it.  Sure it’s in some of the help menus inside Microsoft update, but this KB is just proof that Patching sucks:  http://support.microsoft.com/default.aspx/kb/822798


Well it’s also my theory here that Patching Sucks across the board.  Change hurts.  Change management isn’t fun period and no matter what the platform if your patching screws up, you are not a happy camper.  But I don’t want to be a second hand blogger on patch pain.  I strongly believe that one has to roll up the sleeves and wallow.  Because if you don’t have first hand knowledge all you get is the FUD and the spin.  And even though I’ve heard from folks running Apple machines that they can’t find the Sun Java 6 they need that is supposedly somewhere on the Apple site and instead are directed to the insecure 5, and even though there is little in the way of robust third party patch management solutions and communities for Ubuntu or Mac, and even though you can’t run Secunia’s Software inspector on a Mac (which is my favorite standalone patch scanning tool for the Windows platform), I don’t want to be second hand armchair quarterback any more, I want first hand experience.  I want to experience sucky patching across the board for myself.


So with help from Eriq Neale and his Apple Store presence, there’s a Mac Mini in my future.  And as he joked if I wanted to load up parallels, fusion and load up Ubuntu and Vista on the Mac Mini I could experience not one, not two but three “Patching Sucks” experiences on one box.


And Eriq said he was going to love the fact that the very first customer in his Apple store is the very last customer he ever expected to be his first as I joked the other day that beancounters don’t change at all.  But I think Eriq forgot that I’m passionate about patch management (you’ll find me on www.patchmanagement.org on that subject) and FUD annoys the heck out of me. 


So here’s my theory…. that patching is no easier in any other platform and vendors aren’t clear in helping us keep secure and patched.  And here’s where I prove it… by first hand deFUDing.

Dear Apple Customer,

Thank you for shopping with Apple!
Mac mini, 1.83GHz Intel Core Duo 

Part Number: Z0F0

Mac OS X – U.S. English
Combo Drive
2GB 667MHz DDR2 SDRAM – 2x1GB
80GB Serial ATA drive
1.83GHz Intel Core 2 Duo
Accessory kit

4 Thoughts on “Theory to prove: Patching sucks across the board

  1. You want the best patching solution in the world ? Here it is.

    http://www.configuresoft.com/sum.aspx

    I even had guys fly out from the company one day to sell me on it and that was after I was already convinced.

  2. Patching doesn’t suck for MAC users because they just say NO to patching.

  3. It’s not just patching, it’s also manging the patching for groups of machines. For small and medium businesses, using a tool such as Sever Center Essentials 2007 would make the process more manageable.

  4. It’s not just patching, it’s also managing the patching for groups of machines. For small and medium businesses, using a tool such as Sever Center Essentials 2007 would make the process more tolerable.

Post Navigation