Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

To patch or not to patch?

  • 15-01-2003 04:55PM
    #1
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭


    Thinking back on the various threads we've had here about known vulnerabilities being exploited and whether admins have themselves to blame or not, the views have tended to be between "Well, the admin was lazy, there was a patch out for that" and "The admin was overworked and those bloody kids shouldn't be hacking into our servers" which doesn't ever really lead anywhere [*] (and don't bring it up here, or I will moderate you).

    I'm curious. Are there any people out there who are estimating eurodollar costs of patching vulnerable hosts Vs the likely cost of not patching based on (say, for example) potential service outage, secondary impact and the probability that the vulnerability will be exploited? In other words, is anyone making a decent business case for not applying patches? Opinions and details would be cool :)

    [*] Personally, I think the first is said by sorts of kids who use Linux and don't see why companies like Sun actually put patches through a proper test run, and the second is said by people who don't have decent patching mechanism set up, but they're probably discussions for another time/thread.


Comments

  • #2
    DeVore
    Business & Finance Moderators, Entertainment Moderators Posts: 32,387 Mod ✭✭✭✭DeVore


    I keep my XP bang up to date with the emergency patches because I'm on broadband and it doesnt take much to do it.

    HOWEVER, I installed SP1 and all feckin hell broke lose. Machine went into a permanent boot cycle (boot up... attempt to start windows...fail....reboot itself...).

    There was NO WAY to recover this (I tried a wide variety of recovery tools) and eventually I had to reinstall XP and start patching from scratch. I lost a ton of time effort and sweat and a number of my apps are behaving abnormally now (missing configs and registry keys I think).

    2 week of arsing around and eventually I had to buy another copy of XP (my key had expired... which I still dont understand as it wasnt warezed!).

    Anyway, I can see the threat to a big company as each patch is a mini-migration to a new OS in effect.

    The cost of that MUST be weighed against the risk factor involved.

    Personally I dont have much on my home machine I need to protect, I really only use it for browsing and games playing. I'm not going to install another major service pack because the threat/risk to me is NOT as big as the risk I'd lose another 2 weeks of computer time.

    The hackers can have my world famous chilli recipe and the pictures of my snowboarding holiday. If they can crack my machine from behind the basic protection I have on it and behind a server and only on when I'm using it then they deserve that much.

    DeV.


    ps: please please PLEASE come on to this thread and say that I shouldnt use M$. I have had a REALLY bad day and I'm in a f*ckin foul mood and I would love to justifiably give someone a decent hard kick in the cnnt!


  • #3
    hussey
    Registered Users, Registered Users 2 Posts: 6,240 ✭✭✭hussey


    You shouldn't use MS

    ... but seriously

    why did you have to buy another XP? .. Why could'nt the first one work (I have never used it, so dont know much about it)


Advertisement