| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 |
||||
 |
|
|||
 |
||||
|
|
|
||
|
|||||||||||||||||||||||||||||||||||||||||
 COLUMN
A modest proposal SPIT AND DIRTY socks, I said, upon learning of Microsoft's new plan to reduce the number of critical security patches for Windows and other software. This, of course, happened in the week between the writing of last week's column and its publication. As you remember, last week I opined that Windows .Net Server 2003 would require 30 such patches in the first year after its release, which is expected sometime after April 2003.
So what do I do now? Combine the new "important" category with the announced critical patches to get the final number or restate the line? I'm probably going to do the former, since the bookies' easy way out of declaring "no line" is also no fun. I'm also confused by the distinctions between recommended updates, important updates, and critical patches (but then again, I don't have a graduate degree in semantics). As usual, I have a suggestion that's going to enrage a lot of you: Windows users would be better served by introducing a new category of mandatory updates, where you have 60 or so days to apply the patch, and if you don't, the computer's networking functions will be disabled. Savage, yes, but effective. Of course, finding a way to get that functionality onto the millions of Windows desktops already out there might take some doing. Microsoft would have to disguise it as porn to achieve the widest possible distribution, if my understanding of human nature is any guide. I'm not going to claim credit for this modest proposal; after all, it's been around in demo software and shareware for ages, and it shows up from time to time in big-ticket software packages as a way of enforcing a payment agreement. To give proper credit, I should mention that Jon Lasser's column on Security Focus has repeatedly called for time bombs to be built into software from the beginning. However, in the most recent installment, he was thinking of applying this idea to something far more important than Windows: BIND (Berkeley Internet Name Domain), the software that supports DNS (Domain Name System), which is a foundational Internet technology. To be fair, I'll point out that I can't name a vendor that produces 100 percent bug-free software or even comes close. That's the nature of the software business, where ship schedules are more important than quality. So I promise that I won't pick on Microsoft next week. Instead, I'll ponder whether software vendors should be held to the same degree of liability as other industries. P.J. Connolly is a senior analyst at the InfoWorld Test Center. Contact him at pj_connolly@infoworld.com.  RELATED SUBJECTS  SecurityEnterprise ApplicationsClick here for all of P.J. Connolly's past columns. SPONSORED WHITE PAPERS 
SPONSORED LINKS
|
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
