It's good to see that Microsoft has beefed up its infrastructure for managing Windows patching. However, the functionality that WSUS still can't provide—namely, patching support for all Microsoft applications, or for any third-party applications at all—demonstrates how much work still needs to be done when it comes to patching support for Windows.
In contrast, consider the software management facilities built into the average Linux distribution. In a typical machine running Red Hat's Red Hat Enterprise Linux or Novell's SuSE Linux Enterprise Server, every software component traces back to a package that contains the binaries, configuration files and dependency requirements for that component.
Under this infrastructure, system-patching operations, whether for applying critical vulnerability fixes or for fetching feature upgrades, boil down to configuring the update agent that ships with your distribution of choice to fetch, sort out dependencies, and install packages from one or more on-site or vendor-hosted network repositories.
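To make the fetch, resolve and install sequence described above concrete, here is a small model of an update agent. It is an added example, not code from RPM or from any vendor's tool; the package names, versions and repository contents are constructed, and version comparison is simplified to dotted integers.

```python
def vkey(version):
    """Simplified version key; real RPM also compares epoch and release."""
    return tuple(int(part) for part in version.split("."))

def merge_repos(repos):
    """Combine repositories, keeping the newest version of each package."""
    best = {}
    for repo in repos:
        for name, meta in repo.items():
            if name not in best or vkey(meta["version"]) > vkey(best[name]["version"]):
                best[name] = meta
    return best

def plan_updates(installed, repos):
    """Return [(name, version)] to install, dependencies before dependents."""
    available = merge_repos(repos)
    plan, done, visiting = [], set(), set()
    def outdated(name):
        return name in available and (
            name not in installed
            or vkey(available[name]["version"]) > vkey(installed[name]))
    def visit(name):
        if name in done:
            return
        if name in visiting:
            raise ValueError(f"dependency cycle at {name}")
        if name not in available:
            if name in installed:
                return  # already satisfied locally, nothing newer offered
            raise LookupError(f"unresolved dependency: {name}")
        visiting.add(name)
        for dep in available[name]["requires"]:
            visit(dep)
        visiting.discard(name)
        done.add(name)
        if outdated(name):
            plan.append((name, available[name]["version"]))

    for name in sorted(installed):
        if outdated(name):
            visit(name)
    return plan

# Constructed sample data (package names and versions are made up).
ONSITE = {"webserver": {"version": "2.0.52", "requires": ["tls-lib", "runtime-lib"]}}
VENDOR = {"webserver": {"version": "2.0.46", "requires": ["tls-lib"]},
          "tls-lib": {"version": "0.9.8", "requires": []},
          "runtime-lib": {"version": "0.9.4", "requires": []}}
INSTALLED = {"webserver": "2.0.46", "tls-lib": "0.9.7"}
```

Calling `plan_updates(INSTALLED, [ONSITE, VENDOR])` takes the newer on-site build of `webserver` and orders its updated and newly required libraries ahead of it, while a dependency that no repository supplies stops the plan with an error instead of producing a partial install.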
I'd be very happy to see Microsoft develop a much more granular and open patching infrastructure for Windows and do so according to the “Longhorn” time frame. However, I haven't yet heard Microsoft officials mention improved software management facilities among their already-ambitious goals for the next generation of Windows.
The good news for Microsoft is that much of the software development work for this type of system has already been done; the code for RPM—Red Hat and SuSE's underlying package management system—is licensed freely and is open for perusal.