I'd like to know if the "project zero" publishes to everybody the security issues discovered in Google products before Google has a chance to update the software? Or does this policy exist only for the other companies? Can we even know?
Microsoft stopped distributing individual patches, all updates are now rolled up into one package. Therefore, if one patch causes issues, none of them can be released.
I wish people thought a bit more critically when invoking NSA conspiracies in these matters. If the NSA was the primary cause, wouldn't it be much easier to simply silently exclude those specific unwanted updates from an otherwise regular Patch Tuesday, instead of having Microsoft announce very publicly and vocally that something is 'off' in this patching round?
It did cross my mind as well. Considering the whole Russia drama right now, I wonder if the NSA just asked Microsoft to delay its patches for this month so it doesn't interrupt the agency's on-going operations against Russia.
namtrac|9 years ago
billpg|9 years ago
kyriakos|9 years ago
B1FF_PSUVM|9 years ago
I used to avoid annoyances by not having Flash. Now, thanks to the hard work of WHATWG on HTML5, I'm scrod.
yuhong|9 years ago
acqq|9 years ago
mtgx|9 years ago
noinsight|9 years ago
Windows 10 already worked like that, last fall they started doing the same for older OSes.
See: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/...
r721|9 years ago
http://www.computerworld.com/article/3170633/microsoft-windo...
https://www.askwoody.com/2017/what-happened-to-the-february-...
akerro|9 years ago
DCKing|9 years ago
Not saying the NSA doesn't influence Microsoft or others to withhold patches, but seeing the invisible hand of the NSA everywhere is not helpful for determining and criticizing when they do influence things. People seem to be able to suspend their critical thinking too easily whenever the NSA can be invoked.
mtgx|9 years ago
It doesn't help that Microsoft has been moving in a direction where it provides less and less information about what its updates do these days, while sneaking through dozens of new root certificates at once every now and then.
http://www.theverge.com/2017/1/25/14381174/microsoft-thailan...
http://www.networkworld.com/article/2348143/security/microso...
https://hexatomium.github.io/2016/10/11/unannounced-root-cer...
https://hexatomium.github.io/2015/06/26/ms-very-quietly-adds...
staticelf|9 years ago
sanifsdd|9 years ago
[deleted]
ocdtrekkie|9 years ago
If anyone from Microsoft reads this: This is why cumulative updates suck, and you shouldn't force them on everyone. :)
jedberg|9 years ago
They push once a month because back in the day they pushed whenever they had an update, and enterprises really hated that because it meant that sometimes 1000s of computers were all out of commission running updates at the same time.
So MS and the enterprises agreed on a specific day of the month that updates would get pushed, so that the enterprises could plan accordingly as best fit their needs.
Some enterprises just run the updates that night and let everyone know to expect some slowness or downtime, and some of them only let the update run on their testing machines so they can validate the update in their environment before allowing it out to all the other machines.
But the main point is that the updates are predictable because that is what the customers asked for.