Re: Microsoft distributes free CDs in Japan to patch Windows
From: Valdis.Kletnieks () vt edu
Date: Mon, 25 Aug 2003 10:00:24 -0400
On Mon, 25 Aug 2003 08:35:43 CDT, Jack Bates <jbates () brightok net> said:
> Which is why Microsoft should issue a software equivalent of a recall.
> Systems shouldn't be sold vulnerable without at least a patch CD.
The problem is that you need to look at the sum of (lead time) + (time patch CD
spent on shelf). Given a lead time of 4-6 weeks, and sitting on the shelf for
2-3 weeks... and suddenly you're looking at a 2 month old patch CD.
Now take a look at the last few years' Microsoft advisories, and ask yourself:
What percent of the time was the *last* remote-exploitable major hole more than
2 months old?
And getting the lead time down to 4-6 weeks would be a challenge - remember you
have to *ship* the re-mastered patch CD to every retailer and get it on the
shelves. That's going to hit your bottom line. And keep in mind that
Microsoft doesn't have to answer to its customers, it has to answer to its
shareholders. As long as security problems don't affect its bottom line, we're
not going to see any change at all.