Tuesday, April 25, 2006

Microsoft Security Updates -- Third Party or Wait 'Til Super Tuesday? (Tech Talk)

“Recently I mentioned a new security issue with Internet Explorer -- it was another one of those new and annoying flaws where you did not have to click on something to compromise your computer -- you merely had to visit a Web page.

A few days ago I saw an AP article about the new flaw and Microsoft's response. They do not want users to apply third-party patches to fix problems; instead, they want users to wait until Microsoft's monthly patch updates, which occur on the second Tuesday of each month (thus, Super Tuesday.)

The third parties say they appreciate that creating patches can be complicated and tricky, but users should not have to be vulnerable to an exposed security issue for up to four weeks, as Microsoft waits until patch time.

It got me thinking -- what's the standard I should apply? Should I always wait on Microsoft or should I use third-party patches? After pondering it for a minute I realized I did have some standards, I just hadn't thought them out.”