I agree, auto update is a bad idea. See this http://www.eweek.com/article/0,3658,s=712&a=25733,00.asp article for info on how windows update actually _reomved_ patches due to a bug. The irony of it all is that it removes the patch that fixed a vulnerability in which Nimda exploits! Paul -----Original Message----- From: unprivileged user [mailto:jsbloomat_private] Sent: Tuesday, May 07, 2002 6:20 PM To: zeno Cc: vuln-devat_private Subject: Re: Publishing Nimda Logs On Tuesday 07 May 2002 17:06, zeno wrote: > Here is an idea. > > Perhaps make windows do updates every 5 minutes in default install. > Problem solved. > > > - zenoat_private Aacckkk! No! Windows XP Pro has the automatic update service enabled by default and that is a BAD idea. I want to know what patches are going to be installed before they reach my production servers. For one thing I don't want to install things that don't apply to my system. For another patches are not always tested sufficiently (NT4 SP2 anyone?) I would prefer that Microsoft leave this function out of the default install and opt for "inform me when a patch is available" mode instead. They can even make it red and flashy and say "critical" but don't install it for me.
This archive was generated by hypermail 2b30 : Tue May 07 2002 - 16:17:57 PDT