Microsoft has blamed the explosive spread of the SQL Slammer worm on system administrators' failure to patch their systems. But do users and administrators have good reason to avoid applying patches? In a short but provocative piece, O'Reilly and Associates editor Andy Oram explains that patches — especially the “mega-patches” posted by Microsoft — often leave systems unreliable or even non-functional, and that many have reacted by avoiding even necessary updates. Users are also concerned that patches — especially ones from Microsoft — may bring changes they do not want, such as new DRM components that limit what they can do with their machines. This essay, by Yours Truly, also delves into the issue of patches in some detail.
What do you think? Is it always a good idea to patch? Join our discussion and let us know.
On 5 February 2003, Microsoft announced yet another security hole in its Internet Explorer browser. The flaw, which Microsoft labels as “critical,” allows a hostile Web page to take over your computer and/or extract files from it. It affects all copies of Internet Explorer from version 5 on.
The flaw is described in detail in Microsoft Security Bulletin MS03-004. (Note that, ironically, you may not be able to view the “technical details” portion of the advisory if you are using a Web browser other than Internet Explorer.) The patch, which is cumulative, also covers other security holes in MSIE and is roughly 1 to 4 megabytes in size (depending upon which version of the browser you have).