Completely off topic: FW: Trustworthy Computing
bkelsay at comcast.net
bkelsay at comcast.net
Mon Jul 22 00:30:35 CDT 2002
> > - Keeping ahead of security exploits. Distributing updates using the
> Internet so that all systems are up to date. Windows Update
> > and Software Update Services, discussed below, provide the
infrastructure
> for this.
>
> Has it ever occurred to anyone that WU itself, if it ever were
> compromised, would become the mechanism to spread a worm to EVERY SINGLE
> "TRUSTWORTHY" COMPUTER?
I fear this every day at work, but what are you gonna do? I think that MS
ought to give away a free version of Patch Server to each Enterprise level
customer. (They don't currently have such a thing as far as I know.) With
this you could mirror the patches on Windows update and test them in a
secure environ and them distribute the patches via SMS or a startup script.
We currently waste all kinds of bandwidth downloading the same patches over
and over again. Some patches can be downloaded and stored on a server, but
I'm talking about when you have WIndows update analyze the PC and load
several patches at once. I also routinely discover PCs with really old
outdated images that haven't been defragged in two and a half years and
such. I usually find them when I get a helpticket for a virus infection.
Brian Kelsay
More information about the Kclug
mailing list