[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Automating patch deployment

To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Automating patch deployment
From: David Vincent <david.vincent@mightyoaks.com>
Date: Wed, 6 Aug 2003 09:12:07 -0700

> > The good thing about SUS is that you can set it up to not 
> > push out the packages until you approve them.  The SUS box 
> > downloads all the critical updates and then they sit in queue 
> > until you tell them it's ok to push them out.  I think that's 
> > the best way to handle the situation.  Sure it creates a 
> > little admin work, but I think the advantage is clear.  
> 
> The bad thing about SUS is that it uses Windows Update 
> technology which
> means it can be incorrect when determining if a box needs a 
> patch.  This
> means you can *look* like you're patched when you're not.
> 
> To me, that is unacceptable behavior.

c'mon folks.

if you rely on only one tool to make sure you're patched you deserve what
you get.  security is like an onion - layers upon layers!

-d

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [despammed] RE: [Full-Disclosure] Automating patch deployment
Next by Date: [Full-Disclosure] Samba Server Scannen
Prev by thread: RE: [Full-Disclosure] Automating patch deployment
Next by thread: RE: [Full-Disclosure] Automating patch deployment
Index(es):
- Date
- Thread