Why Does a Minority get all the Attention?

Apr 20 2007

By Ira Winkler

The recent case of the new polar bear in the German Zoo got a lot of attention when some animal rights nut, and even most animal rights activists would call this person a nut, said that the zoo should kill the polar bear cub, because it’s mother rejected it. That statement was so absurd, but the statement by a relatively lone lunatic made international headlines. It baffles me that any media outlet gave any attention to such statements, but they did.

In the IT security space, we have our own minorities that seem to get a lot of press for very counter statements. The latest claims are from “security researchers” criticizing Microsoft’s patch processes. No, Microsoft’s patch processes aren’t perfect, but they are the way they are for very specific reasons.

First, patches have to be fully regression tested. As the recent ANI debacle from Microsoft shows, and I call it a debacle because of the fact that was an old vulnerability that reappeared in a new operating system, new software has to be fully tested before it is released. In Microsoft’s case, that will be time consuming under the best of circumstances, because of the shear bulk of the software. If you don’t like that, don’t buy Microsoft’s operating system. Again though, the choice of an operating system is much more complicated than a point issue.

Secondly, given that patches are regular occurrences, users requested that they be released on a scheduled basis. Clearly, exceptions have to be made for highly critical vulnerabilities, but Patch Tuesday is Patch Tuesday, because that is what large customers wanted.

It is easy for researchers to sit in their ivory towers, or where ever they sit, and pontificate how things should be done. However, there are millions of real world users that see things from a real world perspective.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Slashdot
  • Digg
  • del.icio.us
  • Reddit
  • digg
  • Technorati
  • StumbleUpon

Related posts:

  1. Attack on Macs
  2. Microsoft Reaches Out To Hackers With Vista
  3. Windows Vista Risks - “A Reality Check on PatchGuard”
  4. Microsoft Released “The Threats and Countermeasures Guide”
  5. ISO 27001 Standard Released

Posted by Ira.Winkler on Friday, April 20th, 2007, at 3:31 am, and filed under Articles.

Follow any responses to this entry with the RSS 2.0 feed.

You can post a comment, or trackback from your site.