On Mon, 30 Jul 2001, Seth Arnold wrote:

> [1] they put an awful lot of effort into copy protection .. how about
> 'forced upgrade protection', that disables internet connections when
> computers are unpatched for 14 days after release of a patch? Or how
> about machines that automatically apply patches? Or email administrators
> every time a patch is released?

You presume the cure (patch) is better than the disease, which isn't always the case. I suspect many of us have been in a position where we have software with a defect (not necessarily security related) and a patch that fixes the defect, but breaks something else much more important. Forced upgrades could require you to break your system to fix a problem which doesn't really impact you.

I'd also be wary of trusting any vendor who couldn't get the original software right to create software that could terminate my employer's internet connectivity if they're not satisfied the system is patched correctly.

Perhaps that should be a general principle. Don't buy or support any software which considers a denial of service a "feature". :)

Incidentally, I have done most of the self-patching system. I stop short of letting it apply the patches for exactly the reasons above. Instead, I have it email me what it thinks should be applied and yes, it is sometimes wrong.

Rob

--
------------------------------------------------------------------------------
Rob McCauley
Radiation Oncology
Duke University Medical Center

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 10:03:07 PDT