RE: Bill Gates blames the victim

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: Robert Ahnemann [mailto:rahnemann () affinity-mortgage com] 
> Sent: Wednesday, September 03, 2003 1:08 PM
> To: Lim Swee Tat
> Cc: full-disclosure () lists netsys com
> Subject: RE: [Full-disclosure] Bill Gates blames the victim
>
> Its not so much that I like to patch.  I personally have 
> never had a problem with a patch messing up a system here at 
> work.  I'm sure there are some cases where there might be 
> conflicts, no doubt.  I think you might be inflating the 
> severity of the 'problems' with any given patch. I don't 
> think it's straight to compare a patch problem with something 
> like Nachia or Blaster.  
You should try patching more often or more systems.  We had a Solaris
system just the other day that took eight hours to patch.  We had to
back some out and redo them.  Others we could only back out because they
failed utterly.  We've had Windows systems that completely croaked on
some patches.  Others are simply unpatchable, because if you patch them,
the application they run (which is their raison d'etre) is unusable once
the system is patched.

Patching is not nearly as trivial or as easy as some would like to make
it out to be.  But those with little or no real experience are always
eager to throw their two cents in anyway.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html