RE: [Full-Disclosure] Automating patch deployment
- To: <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Automating patch deployment
- From: "Schmehl, Paul L" <pauls@utdallas.edu>
- Date: Wed, 6 Aug 2003 10:32:46 -0500
> -----Original Message-----
> From: Bassett, Mark [mailto:mbassett@omaha.com]
> Sent: Wednesday, August 06, 2003 9:21 AM
> To: full-disclosure@lists.netsys.com
> Subject: RE: [Full-Disclosure] Automating patch deployment
>
>
> The good thing about SUS is that you can set it up to not
> push out the packages until you approve them. The SUS box
> downloads all the critical updates and then they sit in queue
> until you tell them it's ok to push them out. I think that's
> the best way to handle the situation. Sure it creates a
> little admin work, but I think the advantage is clear.

The bad thing about SUS is that it uses Windows Update technology which
means it can be incorrect when determining if a box needs a patch. This
means you can *look* like you're patched when you're not.

To me, that is unacceptable behavior.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html