Unixronin

Wednesday, May 19th, 2010 05:43 pm

Microsoft has launched a pilot program for governments and critical infrastructure providers to gain access to in-depth technical information about operating system patches before they are released on the second Tuesday of each month.

I find this bothers me.  What makes the government so special that they should get this information but I shouldn't be able to access it?

Make the information available, or not.  But making it available just to the government and "critical infrastructure providers" Because They're Somehow Special is silly.  My infrastructure is crucial to me.  How come I don't rate access to the information?  Who gets to decide whose infrastructure is "crucial"?

Wednesday, May 19th, 2010 09:48 pm (UTC)
You're confusing the marketing explanation with the business reality.

What's going on is that a few months ago, MS released a patch to a problem that was being actively exploited. However, due to malware activity, applying the patch caused blue screens all over the place. It's not really MS's fault*, as the patch worked fine on non-compromised hosts. However, it's not really the business's fault*, as they couldn't protect against exploitation before MS released the patch. It sucked all around.

So what can you do about it? You can't not patch, and you don't have time to test. The governments have the clout to pressure MS and get some advance notice, so they used it. They win 'cause they're big. We lose 'cause we're small. Of course, it's easier for us to use other solutions, like *nix instead of Windows, so there is a balance... just not an ideal one.

* Realistically, I think it's everyone's fault, as if they had managed the risk better, the problem wouldn't have happened... but reality and business seldom coincide.
Thursday, May 20th, 2010 02:20 am (UTC)
As noted in my reply to ratseal below, the question I'm really asking here is, if they're making that advance technical information available to the government and to whoever Microsoft thinks is a "crucial" service provider who needs it, does it really cost any more to just give everyone access to it?
Thursday, May 20th, 2010 01:24 pm (UTC)
The detailed technical information is enough for attackers to craft exploits from. That's why they want to keep it as secret as possible. While I question the belief that "friendly governments are safe", it is a very common belief in the IT security space.

It doesn't cost more in terms of dollars. It costs more in terms of perceived risk.