Wednesday, October 10, 2007

Should you trust automatic updates?

Jaikumar Vijayan asks an interesting question in this ComputerWorld column: Should you trust Microsoft (or anyone else) to patch for you? Should you be implementing an automatic patching strategy?

It gets back to a risk analysis. Are you more at risk by not patching (or patching when you get around to it) or taking the risk that a vendor would do a faulty update that will break something?

I can only rely on the data, especially for consumers and the vendors do a pretty good job. I can count on the fingers of one hand the number of times that a patch has been busted and needed to be fixed. I know there are millions of computers that get compromised because they are not patched.

Ultimately it gets back to what you are willing to do. If you are willing to analyze the patches and are disciplined about applying the updates, then I don't have a problem with you doing so. But if you aren't going to be religious about it, then turn on the automatic updates.

Jaikumar knows more than pretty much all the consumers out there. So he doesn't need to trust the vendor. You probably do.

Photo credit: Trust, originally uploaded by thorinside

1 comment:

Anonymous said...

Another important risk is that the vendor's mechanism could be faulty from a security standpoint, allowing it to be hijacked by someone interested in loading malicious code.