[LINK] How many patches?

Chirgwin, Richard Richard.Chirgwin@informa.com.au
Tue, 8 Oct 2002 10:55:26 +1000 

One linker said "60 patches", another says "six". So I looked over the MS
site...

For MS XP there have been three service packs (accumulative more than half a
gig, at least that's what I glean from the site). 

Security bulletins: there are 54 in the 2002 series. I didn't read all of
them, but from MS02-001 to MS02-021 there are ten "user" bulletins, the rest
are "administrator" bulletins (of course, some are both, an admin needs to
fix user machines, but I'm sticking to a consumer/business split here).

All the user bulletins included a patch to download. We're up to number 54
for the year, so if the number held true there would be 27 user bulletins,
each with a patch to download.

That's not sixty, but it's not six either.

The user could simply wait. Don't apply the patch until it's released in a
service pack. But there, you have a problem: you remain exposed between the
date of the exploit and the date of the service pack. "Patch immediately" is
the advice given by M$ for most of the user-level patches. So we have an
aggregate with service packs and patches of around 30 downloads so far this
year.

Which is why Bugbear took off: users don't patch - and at three patches a
month, why should they? I know that hobbyists and enthusiasts will rise in
outrage at this statement: but an ordinary consumer simply shouldn't have to
devote that much time and attention to massaging the PC.

There's also the sordid matter of money. Were I following this behaviour, I
would have made 30 calls to the ISP just for MS updates (not counting any
data charges I might incur). For that, I get nothing, in terms of extra
functionality - the user spends the update money for no benefit except to
stand still. The machine still crashes, and next week there'll still be
another download or patch, and around we go.

Let alone the cost to the economy of tens of thousands of people downloading
tens of thousands of gigabytes to achieve almost nothing...

Richard Chirgwin
----------
For Link list information see http://sunsite.anu.edu.au/link/