News: Microsoft Realises Patches Don’t Work Shock

From the About Time Dept comes news that Microsoft realises the whole ‘issue a patch to cover a hole, knowing only a few people actually download it’ approach may be, er, flawed. CNET reports that Microsoft plans next week to outline a new security effort focused on what the company calls “securing the perimeter”. Details are thin, but appear to involve a deeper relationship with firewall providers.
Watch this space. My tupennies’ worth: The Windows Update process, where your computer tells you what’s new and what needs downloading, is actually not bad. But the wordings of the messages are too nerdy, and there’s no easy way to compare what you have installed on your computer to the most salient threats. Tell the user what the problem is and what needs fixing. Give the patches names or numbers we can understand. Oh, and write better software.

Update: Microsoft May Stop Footing Pussies

Security Wire Digest, published by Information Security Magazine, reports that Microsoft may stop pussyfooting around on updates to its Windows operating system. In the wake of the worm that ripped through networks worldwide by exploiting a vulnerability for which a patch had been released more than three weeks before, the company is considering several plans to beef up security in its products which may automatically install patches on PCs.
Privacy advocates will have a problem with this, but it’s logical. Most folk don’t update properly, or even know they’re supposed to, although I wonder whether it may leave Microsoft vulnerable legally. It’s tantamount to saying ‘what we’re selling you isn’t safe unless you let us keep patching it.’