Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft To Distribute Third-Party Patches

timothy posted more than 4 years ago | from the after-the-after-party dept.

Security 135

dhiren writes "Secunia on Wednesday announced that their authenticated internal vulnerability scanner, the Corporate Software Inspector (CSI) 4.0, has been integrated with Microsoft Windows Server Update Service (WSUS) and System Center Configuration Manager (SCCM). This will hopefully pave the way for other vendors to also make use of Windows' existing patching infrastructure and eliminate the need for the multitude of custom updater applications and services that clutter most systems today."

Sorry! There are no comments related to the filter you selected.

Oh just call it (5, Insightful)

LordKaT (619540) | more than 4 years ago | (#31601836)

Oh, just call it a package manager and get over it. Your fancy words don't make it better.

Re:Oh just call it (1, Funny)

Anonymous Coward | more than 4 years ago | (#31601930)

Aww but then those guys in marketing would be all bored with nothing to do...

Re:Oh just call it (5, Insightful)

140Mandak262Jamuna (970587) | more than 4 years ago | (#31602188)

No way buddy. It is going to come in so many editions:
  • Absolutely Basic Package Manager
  • Expanded Basic Package Manager
  • Funeral Director Edition Package Manager (third from the bottom of pricelist!)
  • Anything Less Would not work Manager
  • Ultimate Home Edition Package Manager (clueless user Special)
  • Professional Ultimate Package Manager
  • Ultimate Professional Package Manager with Downgrade to Ugrade Option Bundled
  • Super Ultimate Professional with Multimedia Expansion Package Gamer special Package Manager
  • Absolutely Super Ultimate, this time really really Ultimate Gamer Professional Home Maker Special Edition Package Manager

Re:Oh just call it (1)

ArundelCastle (1581543) | more than 4 years ago | (#31602498)

It should be Microsoft Twilight because now it Sparkles. [andymatuschak.org]

Re:Oh just call it (3, Funny)

melikamp (631205) | more than 4 years ago | (#31602520)

FUN FACT:

Quickly pronouncing ASUTTRRUGPHM SE PM three times in a row is the last trial of Microsoft Professional certification, and the one that counts for 90% of the total score.

Re:Oh just call it (1)

sexconker (1179573) | more than 4 years ago | (#31603588)

Or you can just trick Ballmer into reading/saying Kltpzyxm.

Re:Oh just call it (1)

game kid (805301) | more than 4 years ago | (#31602886)

Ultimate Gamer Professional Home Maker

One (or two) of those words is not like the other words.

Re:Oh just call it (3, Informative)

Anonymous Coward | more than 4 years ago | (#31602192)

You really can't call it a package manager because it doesn't do dependency and it doesn't do upgrades. It just does patches - which is why it is not called a package manager.

Re:Oh just call it (3, Funny)

Slashdot Suxxors (1207082) | more than 4 years ago | (#31603030)

Patchage Manager

Re:Oh just call it (0)

Anonymous Coward | more than 4 years ago | (#31603068)

windows installer is a package manager, windows update is a delivery mechanism. dodo.

Re:Oh just call it (0)

Anonymous Coward | more than 4 years ago | (#31603748)

You really can't call it a package manager because it doesn't do dependency[1] and it doesn't do upgrades[2]. It just does patches[3] - which is why it is not called a package manager.

I assume the parent was referring to Windows Update, in which case, 1 and 2 and 3 are untrue.

Re:Oh just call it (2, Informative)

rjch (544288) | more than 4 years ago | (#31604608)

You really can't call it a package manager because it doesn't do dependency and it doesn't do upgrades. It just does patches - which is why it is not called a package manager.

Actually, WSUS does do dependences, even if it does them badly. I do agree that calling it a package manager is an overstatement though.

Re:Oh just call it (3, Funny)

dkleinsc (563838) | more than 4 years ago | (#31602244)

But see, a "package manager" is the result of careful research and experience by a bunch of long-haired university-bound communist hippies, so it could never have any usefulness in the real world. Plus it's not a register-able trademark, so customers might realize that there are other better package managers out there. And once they get hooked on apt-get, they'll turn immediately into a clone of RMS and start helping the FSF.

Re:Oh just call it (3, Funny)

spazdor (902907) | more than 4 years ago | (#31603038)

That happened to my sister. Apparently she's getting way more dates now. Even with the open-source beard.

Re:Oh just call it (1)

Volante3192 (953645) | more than 4 years ago | (#31603474)

Plus it's not a register-able trademark

You must excel at your access to exchange in an office with windows. Word.

Re:Oh just call it (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31602312)

Except you cannot install or remove programs from this. So its not a package manager.

Re:Oh just call it (2, Interesting)

nine-times (778537) | more than 4 years ago | (#31602922)

I've been thinking for quite a long time that Apple and Microsoft to come up with package managers for their operating systems. It's ironic because after all the talk of it being hard to install things in Linux, it's much easier to keep a Linux system up to date. In most cases, you can upgrade every application on your computer with a single line in the command line.

Microsoft has "Microsoft Update" and Apple has "System Update", so they basically have the system in place already for their own software, but then 3rd party software all installs their own updaters or expect you to hunt down updates on the web. It seems to me their built-in updaters could be expanded for 3rd party updates through one of two methods:

  1. Microsoft and Apple could each create repositories for approved/certified applications which would be updated through "Microsoft Update" and "System Update", respectively. This has the advantage of being more secure (repositories would have known-good software in them) but would create a lot of additional work for Microsoft and Apple. Additionally, this wouldn't address the issue comprehensively since there would be applications which would never become certified.
  2. The other option would be to create an open set of standards that would allow each software developer/publisher to create their own repositories, and programs could add their repositories to the update system at install time. Then the update system would have a list of separate repositories for each publisher which could be managed by the user. The main downside I can think of for this is the possibility of malware getting into the repository list.

Re:Oh just call it (1)

Korin43 (881732) | more than 4 years ago | (#31603314)

Yes if there was a decent package manager for Windows, it would be far less painful to use. Coming back to Windows after a month and having every program complain about updates is incredibly annoying, especially when they're all updates you have to apply manually, one at a time.

Re:Oh just call it (1)

nine-times (778537) | more than 4 years ago | (#31603620)

On OSX, a lot of applications have been using Sparkle [andymatuschak.org] . Programs check for updates when they launch, and if an update is available, it throws up a window notifying that an update is available. If you choose to "Update and relaunch", it will automatically update the program, install the update, and relaunch the program.

All in all, it's not bad. On the other hand, it means every application pops up with its own update notifications. If I haven't used a system for a while or I reinstall from an image, I get a pop-up on just about every application I run. I'd much rather have something that just checks every so often and runs updates for all my programs at once.

Windows is just a mess.

Re:Oh just call it (1)

pushing-robot (1037830) | more than 4 years ago | (#31604082)

MacUpdate Desktop [macupdate.com] sounds like what you're looking for.

It would be nice if it was free, but $20 annually for up to five computers shouldn't break the bank.

Re:Oh just call it (1)

nine-times (778537) | more than 4 years ago | (#31604462)

Thanks. That seems like it's not bad. Still, it's not free, it requires you to have an account.

Also it gets some things wrong. For example, it tells me there are updates to my Adobe applications because I'm running CS3 and CS4 is available. It'd be nice if there were a common infrastructure where Adobe you support their own application and decide what updates were sensible instead of relying on someone else to guess.

I'd maintain it's still something that should be done by the OS.

Re:Oh just call it (2, Insightful)

Runaway1956 (1322357) | more than 4 years ago | (#31603976)

"you can upgrade every application on your computer with a single line in the command line."

Even better:

aptitude safe-upgrade

Because, sometimes, upgrading EVERYTHING breaks obscure dependencies. ;^)

Misreading (4, Funny)

AnonGCB (1398517) | more than 4 years ago | (#31601856)

For a minute I read the headline as "Microsoft to Distribute Eye Patches". With the rate of piracy Microsoft has goin on, I wouldn't be surprised.

Re:Misreading (0)

Anonymous Coward | more than 4 years ago | (#31604486)

When I tried to misread it like you did, I read it as "Microsoft to Distribute Third-Eye Patches". Quite disturbing imagining Ballmer in one of those...

About time! (0, Flamebait)

drcosquared (1720540) | more than 4 years ago | (#31601876)

About time..how long has Linux been doing this?

Re:About time! (-1, Troll)

DIplomatic (1759914) | more than 4 years ago | (#31601962)

About time..how long has Linux been doing this?

FFS is that your answer to everything? In case you haven't heard, the entire history of computer technology has been copying and adding to someone else's idea. Now go run and cry home to Torvalds.

Re:About time! (1, Insightful)

jedidiah (1196) | more than 4 years ago | (#31602142)

It's not about copying, it's about sandbagging.

Microsoft as a monopoly gets to drag it's feet for years and years while it's end users suffer.

Some of us are still holding a grudge over that 10 year wait for 32bit and proper GUIs.

They dragged their feet on proper multi-tasking too but then again so did just about everyone else...

Quit whining... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31602862)

It's not about copying, it's about sandbagging.

Microsoft as a monopoly gets to drag it's feet for years and years while it's end users suffer.

Some of us are still holding a grudge over that 10 year wait for 32bit and proper GUIs.

They dragged their feet on proper multi-tasking too but then again so did just about everyone else...

Boo Fuckin Hoo...

Get over yourself, stop whining, and grow up.

They do something, and you whine about how they should have done it sooner.

Re:Quit whining... (1)

Runaway1956 (1322357) | more than 4 years ago | (#31604012)

Yes, and we whine even louder when they do it WRONG!!!

Administering an operating system without a package manager in this day and age is just fucking WRONG!!

Admit that, then we can move on to arguing the merits of the various package managers available to real operating systems.

Re:About time! (1, Insightful)

mweather (1089505) | more than 4 years ago | (#31602156)

In case you haven't heard, the entire history of computer technology has been copying and adding to someone else's idea.

Yeah, but most companies do it in a timely manner, not decades after the fact. This is akin to a cell phone company 20 years from now releasing their first touchscreen phone.

Re:About time! (2, Insightful)

ircmaxell (1117387) | more than 4 years ago | (#31602200)

It isn't the fact that they copied the idea. It's the fact that it took so long to do so. I mean Windows has been through how many revisions since Up2Date (Yum's predecessor) and APT have been around? Since at latest 1999 (I'm sure there were earlier, but I know they existed in 99). And in that time, MS released XP, Vista and 7 (as far as desktop OS's go)...

Re:About time! (3, Insightful)

bmo (77928) | more than 4 years ago | (#31602104)

The Wikpedia says that dpkg came out in 1993.

So Microsoft is only catching up after 17 years.

--
BMO

Like so many "innovations" before it... (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31602852)

1. Embrace... Accomplished
2. Extend (its gonna happen)
3. You know what comes here

Re:Like so many "innovations" before it... (0)

Anonymous Coward | more than 4 years ago | (#31603532)

Do you even think before you write these things?

How does "extinguishing" package management even make sense?

Re:About time! (1, Interesting)

westlake (615356) | more than 4 years ago | (#31603090)

About time..how long has Linux been doing this?

about the time the geek discovered that compiling from source can be a royal pain in the butt -
and that a solution had to be found for the non-technical end user.

there remains the problem of programs that aren't packaged for your distribution - and the fragmentation of Linux into 200 or so odd distros can make OSX and Windows seem like models of shining sanity.
 

Re:About time! (1)

nine-times (778537) | more than 4 years ago | (#31603650)

Funny, I don't worry about the 200 odd distros when I work on a Linux desktop. Admittedly I stick to common distributions, but I think the fragmentation is a non-issue.

Re:About time! (3, Insightful)

Runaway1956 (1322357) | more than 4 years ago | (#31604072)

200 distros? Really? Confining ourselves to Linux - I think there are a half dozen root distros, with dozens of derivatives from each.

There are three main package managers, one of which will work with almost any distro you choose.

I know - half the people in the world can't decide what color socks to wear today, so they only buy black socks, or white socks. Some of the rest of us buy both black and white, and mix and match according to mood. Some daring individuals actually buy COLORFUL socks, and manage to keep up with the pairs.

The point is, not everyone is retarded.

Re:About time! (1)

Spad (470073) | more than 4 years ago | (#31603692)

Linux doesn't have to worry about licensing problems with distributing 3rd party application patches and users coming to them for support if said patches cause issues with their machines. Not to mention the ludicrous number of different installation and patching mechanisms used by each vendor. Oh, and all those retarded apps that force you to manually uninstall the existing version before you can "upgrade" to the latest one.

This is the first step (0, Funny)

Anonymous Coward | more than 4 years ago | (#31601902)

1. distribute 3rd party packages
2. ???
3. Israel uses your computer to start a world war

notice the lack of profit, very chilling

Re:This is the first step (0)

WED Fan (911325) | more than 4 years ago | (#31602698)

Had you logged on, I would have used one of my mod points on you. But, now you are the quintessential definition of "loser". Too bad, you could have been "funny".

Re:This is the first step (2, Funny)

Anonymous Coward | more than 4 years ago | (#31603166)

You showed him!

Ah, a new attack vector (1, Insightful)

Animats (122034) | more than 4 years ago | (#31601928)

Now we just have to break into one of the machines allowed to submit updates to be pushed, and we can rule the world!

IDIOTS! (0)

Anonymous Coward | more than 4 years ago | (#31601984)

You flibbering monkeys! Secunia is distributing the patches, not Microsoft! No news here. Now, go back to cubicle and finish picking the fleas off of your office mate.

Misleading article (3, Interesting)

djben (785600) | more than 4 years ago | (#31602014)

Correct me if I am wrong, but Secunia is announcing that they are going to piggy-back on an existing WSUS server, and not that WSUS is going to start shipping with and deploying Secunia's updates for everyone who uses WSUS? I'm not sure why this is anything special at all. I help people replace WSUS all the time and they want to use less of it, not more. Perhaps I'm not understanding something here...

Re:Misleading article (2, Interesting)

bangwhistle (971272) | more than 4 years ago | (#31602152)

A lot of us use WSUS and SCCM because they do a good job of managing MS patches AND the cost (for WSUS) is right. This announcement is interesting but raises questions: how much will it cost; who will support it and how much work will it be to import third party updates? We can currently build packages for SCCM for any product, no not much gain there. But WSUS... Maybe it's time for the free trial...

Re:Misleading article (2, Interesting)

afidel (530433) | more than 4 years ago | (#31602526)

I use WSUS on the server side because it doesn't require yet another freaking agent on my servers. In my experience the reliability of a windows server is inversely proportional to the number of third party packages running on it. I run AV because it's required by policy, I run a backup agent if the server has a large number of small files, other than that I avoid them like the plague. I do monitoring using WMI and SNMP, do patching via WSUS, etc.

Re:Misleading article (2, Informative)

Anonymous Coward | more than 4 years ago | (#31602236)

What WSUS are you using? And what the hell are you replacing it with for patch management across a few hundred windows PCs? It takes me only a matter of a half hour a week to handle and check up on patches and updates.

WSUS is a free application for deploying and controlling patches that would normally be handled via automatic updates. Automatic updates still downloads and installs but it pulls from WSUS instead of directly from MS. You can deny patches when there are issues or conflicts and you can see where problems are. You must be thinking of something entirely different or you don't know what the hell you are doing.

Obama shit on the USA and the idiots ate it up. (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31602042)

Insurance companies are going to have you in the ass by the time this is over. Just like with the credit card regulations; one set of problems disappear, a new set arises. This will be no different.

Eat it up dipshits. You're committed for the long haul now.

Really? (2, Insightful)

KGBear (71109) | more than 4 years ago | (#31602108)

This will hopefully pave the way for other vendors to also make use of Windows' existing patching infrastructure and eliminate the need for the multitude of custom updater applications and services that clutter most systems today.

Or just go to Linux, where most distributions have had something like this for over a decade now. The worst part is, I'm sure I will star hearing from Windows people how fantastic the new "innovation" is...

Re:Really? (1)

RAMMS+EIN (578166) | more than 4 years ago | (#31602266)

Well, it is a great step forward. And making a system like this work for software that isn't freely redistributable is quite a bit trickier than for open source software. I hope more vendors get with the programme. Even though I don't maintain any Windows systems, I still welcome any development that makes their maintenance less of a burden.

Re:Really? (0)

Anonymous Coward | more than 4 years ago | (#31603420)

Why is it more difficult for proprietary systems?

  * MSI based installer
      + if installing from DC based on group policy, don't do anything, or
      + else, allow to install SSL cert + XML service URL for querying of updates. Update check interval is specified and is set 1-14 days.

Now, windows installer uses that SSL cert to connect to the service to query for new updates. If the connection fails 3 times in a row, update is disabled and and admin notified.

Stuff like this is REALLY, REALLY overdue.

Re:Really? (1)

RAMMS+EIN (578166) | more than 4 years ago | (#31604832)

``Why is it more difficult for proprietary systems?

    * MSI based installer
            + if installing from DC based on group policy, don't do anything, or
            + else, allow to install SSL cert + XML service URL for querying of updates. Update check interval is specified and is set 1-14 days.''

I don't know what all that means, but the problems with automatic updates for proprietary software aren't technical, but legal.

The same technical solutions that work for open source (distribution packages the software and provides updates) would work for proprietary software, too - but if the license prohibits redistribution (as many proprietary licenses do), this method wouldn't be allowed.

Re:Really? (1)

Prefader (1072814) | more than 4 years ago | (#31603042)

The worst part is, I'm sure I will star hearing from Windows people how fantastic the new "innovation" is...

Of course they will! It was their idea!(copyright 2009 Microsoft Corp.)

Re:Really? (0)

Anonymous Coward | more than 4 years ago | (#31603268)

Or just go to Linux, where most distributions have had something like this for over a decade now. The worst part is, I'm sure I will star hearing from Windows people how fantastic the new "innovation" is...

Oh!!! I assume you have never met the Apple people.

Re:Really? (2, Interesting)

Voyager529 (1363959) | more than 4 years ago | (#31603582)

Oh I'm fully aware of how awesome Synaptic/Yum/$PACKAGE_MANAGER is, but unfortunately I doubt that a full-blown software repo will ever happen on Windows, because ultimately, it will end up as one of two scenarios:

1.) Microsoft requires all software added to the repo to have a specific digital certificate, and/or additional repos themselves will have to be signed and secured. These certificates will cost $$$$. Some indi dev will want to get their software in the repo, won't be able to afford it, and Microsoft will find itself in court faster than a hooker running out of church. That, or some shady software dealer will find itself being unsigned 'cuz someone at MS doesn't trust them or they sue...the details may change, but the bottom line is that if Microsoft discriminates who gets in and who doesn't, regardless of whether they have a legit reason to do so, they'll end up in court.

2.) Microsoft allows any repo, signed or unsigned, to be added to the repo/update tree. Malware attacks shift from "click here to remove the 638 trojans our fake virus scanner found" to "click here to add our repo and install our fake virus scanner". Status quo remains unchanged, and the point of adding repos in the first place gets mitigated.

I love the entire concept of package managers and would LOVE to see Synaptic on Windows. The problem is, the Windows platform is just too entrenched to make a package manager work there.

Re:Really? (1)

robot256 (1635039) | more than 4 years ago | (#31603640)

Or you will start hearing from Windows people how terrible the feature is because MS implemented it poorly, and they will ask how you could possibly put up with such a crappy feature in Linux all these years.

Re:Really? (0)

Spad (470073) | more than 4 years ago | (#31603744)

What is it with all the Linux zealots tonight? If Microsoft doesn't do something, they're stupid and Linux is much better for doing it; if they *do* do something then they're lame for taking so long to implement something that Linux has done for years.

Can't we just be glad that someone has finally made a decent job of integrating 3rd party patching into WSUS? I know I am, if for no other reason than it means I might finally be able to get a consistent version of Adobe Reader & Flash across our network.

Re:Really? (1)

KGBear (71109) | more than 4 years ago | (#31603980)

It's not really zealotry; it's just that I am really tired of seeing Microsoft implementing something really old getting headlines as if it were something new and wonderful. To put this in perspective, what would your comment be if the headline were "Ford to integrate rainwater removal system in all 2011 model windshields"? I would probably say "it's a windshield wiper, move on already" except that I've been seeing this kind of thing happen for a long time. Depending on how old you are you won't even believe me, but this has happened when MS added networking to Windows; then TCP/IP networking; then real user accounts; Kerberos and LDAP... The list is endless. So instead of "move on" my comment is what you saw... here we go again...

Small Piece of a 1,000 piece puzzle. (2, Insightful)

Mekkah (1651935) | more than 4 years ago | (#31602130)

It's just a small piece of the pie. When they open it up to some other major players I'll be impressed.

It's not like this is a new concept, get with the times; it is for the security of your OS for christ sakes. Maybe cut down on why OSX or whichever OTHER OS anyone can name has such a virus advantage on you, if even slightly.


Oh and Yes I understand what Secunia entails, but it's still small.

Wait, what's going on? (1, Interesting)

twidarkling (1537077) | more than 4 years ago | (#31602154)

Is this going to push updates via Windows Update to Windows 7 and other home versions as well, or just Win Server? Or is it even using Windows Update? Is that different from the "Windows Server Update Service?" I don't have anything to do with servers, so I'm honestly confused.

Re:Wait, what's going on? (3, Informative)

Jazz-Masta (240659) | more than 4 years ago | (#31602804)

WSUS is what server admins use to push patches to machines connected to a particular server.

Most machines that are part of a domain or network that utilizes WSUS has Windows Update disabled. The server admin goes through the patches and selects the ones he/she wants to push out to each of the computers.

It's quick and simple...but has nothing to do with the end user.

Re:Wait, what's going on? (1)

twidarkling (1537077) | more than 4 years ago | (#31602960)

WSUS is what server admins use to push patches to machines connected to a particular server.

Most machines that are part of a domain or network that utilizes WSUS has Windows Update disabled.

Ah, okay. I get it. I knew at work we were pointed to an internal update server so that we'd only get patches after they were approved as stable, but I never knew the name of the tool, or the process behind it. thank you muchly!

CNet used to have a similar service (2, Interesting)

Animaether (411575) | more than 4 years ago | (#31602206)

CNet used to have a similar service... only for the software that they themselves offered to users, of course. Then they discontinued it, re-launched as CatchUp, discontinued it again.. now it's some weird newsletter thing you can subscribe to.

Worked fairly well, though - was just a small utility that I guess checked for installed apps, checked the version info (from registry / files) for those it knew, and checked if there were any newer versions offered off of CNet.

Sucked when they discontinued it.. meant you had to check the pages / author sites manually all the time.. or subscribe to their RSS feeds (which only became popular later on), etc. In addition, half the apps I run now have their own update checking stuff.. some check on startup, some check every day, some check once a week... finding the settings for this (if the settings are even exposed) can be a to of fun too.. etc.

So hooray for Microsoft looking into this... looooong overdue. I do hope they allow -any- developer/application to take part, though.

CNet TechTracker (2, Informative)

Animaether (411575) | more than 4 years ago | (#31602544)

reply to self - go figure.. I tried to dig up some more information on the old service.. and somewhere buried among the google hits:
http://www.cnet.com/techtracker/ [cnet.com]

Which sounds like it does what the old app did... except you now need a CNet account to see the results? *sigh*
Some posts in the forum for it ( http://forums.cnet.com/techtracker-forum/ [cnet.com] ) seem to indicate some possible issues as well.

Re:CNet used to have a similar service (1)

natehoy (1608657) | more than 4 years ago | (#31602692)

I remember a program about the same time as CatchUp called OilChange that worked in a similar fashion - scanned the registry and hard drive for known files from common applications, determined the current version, and allowed you to at least tell what of your software was out of date. A few programs could be updated from right in the tool, most just sent you to the vendor's home page so you could download the updates.

In addition, half the apps I run now have their own update checking stuff.. some check on startup, some check every day, some check once a week... finding the settings for this (if the settings are even exposed) can be a to of fun too.. etc.

I think my favorites used to be the ones that checked when the app started up. Adobe Acrobat Reader was really bad about this. "Would you like to take 30 minutes out of your day to load an Adobe Downloader so you can load the latest version of Adobe Reader so you can reboot and then have to come back to this page so you can read this one-page document, or ignore this and I'll pester you the next time you try to open a document?"

One of the things that drove me into the loving arms of Linux Mint. I don't install software, I add repositories and select the software I want installed. When new versions come out, the centralized updater tells me about them, and with a few clicks o'da mouse and one typing of my password, the dependencies are resolved and the packages are loaded and I'm done. Oh, and I almost never have to reboot after updates.

I'm not saying that the clumsy update tools are Microsoft's fault - the vendors have all insisted on going their own way - but it would have been nice to have updates for things like Flash, Adobe, etc all done as part of a daily centralized check rather than 20 background apps bugging me at odd times and a number of other software simply interrupting me when I tried to start it up.

Re:CNet used to have a similar service (2, Informative)

matang (731781) | more than 4 years ago | (#31602716)

filehippo has an update checker. i've used it for a while and it works well: http://www.filehippo.com/updatechecker/ [filehippo.com]

Re:CNet used to have a similar service (1)

Animaether (411575) | more than 4 years ago | (#31604920)

Cool - thanks for pointing that one out as well, I'll have to give it a run and see what it (and that TechTracker thing) come up with on the other machine. I know all the software I use regularly on it is up-to-date, but it's seen so many crap installs that it'll be fun to see what they find :)

Re:CNet used to have a similar service (2, Interesting)

TClevenger (252206) | more than 4 years ago | (#31603552)

I think my favorites used to be the ones that checked when the app started up. Adobe Acrobat Reader was really bad about this. "Would you like to take 30 minutes out of your day to load an Adobe Downloader so you can load the latest version of Adobe Reader so you can reboot and then have to come back to this page so you can read this one-page document, or ignore this and I'll pester you the next time you try to open a document?"

You forgot the second half of that story.

(30 minutes later) "Oh, sorry, you have to be an administrator to install that." (Then after the next reboot) "Would you like to take 30 minutes out of your day to load an Adobe Downloader so you can load the latest version of Adobe Reader so you can reboot and then have to come back to this page so you can read this one-page document, or ignore this and I'll pester you the next time you try to open a document?"

orly? (1)

arhhook (995275) | more than 4 years ago | (#31602248)

What could possibly go wrong!

Re:orly? (0)

Anonymous Coward | more than 4 years ago | (#31602500)

What could possibly go wrong!

They could distribute a virus, because somebody promised them money?

Comprehensiveness? (1)

MrTripps (1306469) | more than 4 years ago | (#31602310)

I don't think the editor of that piece had enough comprehensiveness has the second and third paragraphs are practically identical swatches of marketing vomit.

Would you like to install the 3rd Party Patch NOW? (0)

Anonymous Coward | more than 4 years ago | (#31602332)

installing Microsoft third-party patch. ..
Zeus bot installing..
Rustock installing...
Chuck Norris installing...
Koobface installing..

and so on and so forth.

Name_your_favorite_botnet installing..............

You get the picture.

Yours In Olyokminsk.
Kilgore Trout [youtube.com]

The end for Internet Explorer (2, Interesting)

fran6gagne (1467469) | more than 4 years ago | (#31602368)

The only reason we keep using Internet Explorer at work is because we can patch it with WSUS. So if we could patch firefox with WSUS, it will be the end of IE in our environment! Can't wait for that day to come....

Re:The end for Internet Explorer (1)

cmuench (878624) | more than 4 years ago | (#31602540)

And if it can do Flash and PDF Reader I can use this at work. Oh what a joyous day that would be. assuming its free of course...

Re:The end for Internet Explorer (1)

Spad (470073) | more than 4 years ago | (#31603798)

Just as soon as Firefox comes with support for configuration & control via GPO (Frankly, even if I have to write the templates myself, just *something* would be nice).

Compare? (3, Interesting)

vlm (69642) | more than 4 years ago | (#31602516)

I don't do windows. Mac and Linux only.

Could someone compare and contrast with apt-get and security.debian.org, which I am very familiar with?

I'm not trying to ignite a flamewar, I'm just curious about the feature set. What one side would have to add to reach the other side's level, etc.

Re:Compare? (1)

vlm (69642) | more than 4 years ago | (#31602826)

Mystified how this ends up modded troll.

Re:Compare? (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31602990)

I'm not trying to ignite a flamewar, I'm just curious about the feature set. What one side would have to add to reach the other side's level, etc.

You know it will sucks. Why do you still ask?

Re:Compare? (2, Informative)

radish (98371) | more than 4 years ago | (#31603586)

Broadly speaking they're very similar. With Windows Update it's normally limited to stuff which MS publish, in much the same way as (say) apt-get on Ubuntu is limited to things in the Ubuntu repos by default. Obviously that's a lot more software there as it's freely distributable, but you still get packages sometimes which aren't included in the distro's repos and you have to add another source to your packages list (or even worse, download a tarball and maintain it manually). This change is to allow third party code to come down through Windows Update, in essence adding more package sources.

It's not new or unique, but it is still useful and a step forward for Windows. Now OSX is the only one without something similar (as far as I know).

Re:Compare? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31604612)

WSUS is more like the apple updater then an actual package manager. microsoft almost exclusively releases patches with windows update, only very few applications are deployed that way (live essentials, powershell, thats about it)

Misleading summary? (2, Insightful)

trifish (826353) | more than 4 years ago | (#31602550)

Does anyone have any link that would confirm that Microsoft actually did anything besides allowing a third party to use an API? The summary tries to make it sound like Microsoft uses (integrates) some Secunia stuff now.

The article certainly does read like a Secunia ad.

OSS Alternative (5, Interesting)

bdam (1774922) | more than 4 years ago | (#31602582)

The current version of WSUS includes an API that allows, among other things, anyone to publish third party updates through the WSUS system. I've been working on a project for a few months that does just that: https://sourceforge.net/projects/localupdatepubl [sourceforge.net]

Re:OSS Alternative (1)

zero0ne (1309517) | more than 4 years ago | (#31602972)

Good stuff, will be taking a look at this.

Re:OSS Alternative (1)

Animaether (411575) | more than 4 years ago | (#31603296)

That looks like it's great -if- and only if you only have your own intranet to worry about?

I.e. a system administrator for a local network suggesting that users should install Update X for Application Y, and having that served up to -those- machines through windows updates.

It doesn't do anything for a software publisher wanting their clients to know about updates. For that, you'd still need your own update checker?

Maybe I'm mis-reading that mechanism, though.

Re:OSS Alternative (2, Informative)

bdam (1774922) | more than 4 years ago | (#31603580)

You are mostly correct. In my project, there's no support for automatically importing or being alerted about new updates from vendors. I'm not aware of any centralized source for that sort of data. If such a thing exists, I'd be interested to know about it. So, to be clear, Secunia has a definite edge there that I can't conceive of matching without some freely available repository. However there is some value for the software publisher. One of the reasons that Microsoft released the API was in the hope that publishers would create and release catalogs for their programs although few have done so. These catalogs would make it dead simple for the administrator to manage that publisher's application in their environment. My project currently doesn't support those catalogs, mainly because so few exist, but it's on the proverbial to-do list.

Appupdater (0)

Anonymous Coward | more than 4 years ago | (#31602596)

Is all you need:

http://www.nabber.org/projects/appupdater/

Anyone with more info? (1)

jayhawk88 (160512) | more than 4 years ago | (#31602624)

Reading the Secunia website, it seems like this is just a new feature in their 4.0 product, which has been in beta up until today. If the way I read things is correct, it's not like WSUS will be shipping with CSI technology built in; rather, if you purchase CSI 4.0, you'll have the ability to (hopefully, presumably) roll up 3rd party patches so that WSUS will recognize them, and spit them out to clients.

Which is great, not "Wow I just pissed my pants" great like I originally thought, but still. Can anyone comment on this feature, someone who was in the beta, etc? Ballpark pricing?

Re:Anyone with more info? (0)

Anonymous Coward | more than 4 years ago | (#31603032)

I spoke with a rep at Secunia last week about it and they do package the third party packages for you. From an admin workstation you'd push the updates to the WSUS and then it would be distributed like regular MS patches. I'm not sure about the price, but a google search returned ~$30/user.

Re:Anyone with more info? (1)

jpcarter (1098791) | more than 4 years ago | (#31603426)

Agreed. The press release [secunia.com] states that Secuina "...announced that their renowned authenticated internal vulnerability scanner ... has been integrated with ... WSUS..."

Is this third party patch management or just a vulnerability scanner built in to WSUS?

Scanning is neat, but it would be one hell of a lot nicer if I could make sure Flash & Java are updated as easily as the latest Windows updates.

Re:Anyone with more info? (1)

Kaboom13 (235759) | more than 4 years ago | (#31604966)

I was part of the beta test. CSI 3.0 is a vulnerability scanner similar to their PSI software for home users. The difference being it remotely scans hosts over the network. It compares applications it finds on the pcs to a database, and lets you know if anyone of them have security updates available, existing unpatched security flaws, or are end of lifed/discontinued. The results include links to download the appropriate patches when available. The 4.0 version adds integration with WSUS A little used feature of WSUS is the ability to package non-Microsoft software for it, use a cert to sign it, and push it out to clients (assuming they have the cert you used to sign it added ot the local cert store. The hassle involved has made it seldom, if ever used, because there are easier ways to push out updates.

What they have done is create software that automates creating and signing the cert, distributing it to clients, signing the packages they have pre-made for you in their database, and adding them to the WSUS server. You can run a scan on your network, find out what software is actually out there in the wild (if you have ever had to wrangle a team of developers or designers that actually need the ability to install things on their own authority you can realize how useful that would be) and add packages to WSUS. you can then use WSUS to deploy them just like a Windows update. It actually is pretty slick, of course it all depends on their ability to provide a large and well tested database of patches.

I didn't have the time or resources during the short beta period to do a real test deployment, but what I saw seemed to work well. Of course the headline is completely wrong, MS has nothing to do with this, it is a vendor using a published api to extend their product. I have repeatedly contacted Secunia to obtain pricing info, but have NEVER received a reply. It is a pity because I like PSI quite a bit, and could probably have gotten a reasonable price approved.

Please let it include Adobe.... Please. (0)

Anonymous Coward | more than 4 years ago | (#31602632)

Everyone who deals with Adobe's lack of a real patch management system, chant after me...

yes (2, Insightful)

fulldecent (598482) | more than 4 years ago | (#31603136)

This is a good thing, if done properly.

It's also part of why people generally smile when they use their phones and frown when they use their computers.

Re:yes (0)

Anonymous Coward | more than 4 years ago | (#31604446)

Wow, helpful smileys!
I don't suppose it would have to do with the fact that computers are capable of a lot more and a lot more complex than phones.
Yeah DVD players are simple as shit but so is their functionality.

*Yawn* (1)

necrogram (675897) | more than 4 years ago | (#31603158)

This is nothing new. MS has a tool called System Center Custom Update Pubpluser (or SCUP). Dell, Citrix, and Adobe Flash all have had catalogs to publish into WSUS/SCCM since 2007. Shavik put out a custom catalog last week.

Microsoft doesn't even do this internally! (2, Interesting)

SoonerSkeene (1257702) | more than 4 years ago | (#31603174)

I've long wondered why Microsoft doesn't use their Windows Update/Microsoft Update infrastructure to offer updates for things like Windows Live Essentials, Sync, Mesh, any other technologies. Microsoft needs to institute a rule that every group at the company *must* use existing API's before inventing their own system... no duplicate functionality.

Isn't this a good thing? (0)

Anonymous Coward | more than 4 years ago | (#31603312)

Come on, we KNOW it's a package manager. They know we know it. However, beyond the mudslinging, and however late to the party they are, don't we owe MS a pat on the back for doing the right thing here? I mean they could flub it up, but this has the potential to be good for the MS ecosystem.

Die PatchLink DIE!!! (0)

Anonymous Coward | more than 4 years ago | (#31603392)

You had it coming.

Seems like a misleading headline... (1)

OdoylesRule (1765008) | more than 4 years ago | (#31603700)

Dang! I was excited, but alas WSUS isn't distributing the third-party patches, other software "Secunia CSI" is, which is not a free Microsoft download like WSUS is. You still need two different pieces of software (even if they ARE integrated) to accomplish this. Doesn't seem like big news.

Definitely Misleading (0)

Anonymous Coward | more than 4 years ago | (#31604116)

This refers to a press release from Secunia, not Microsoft. Secunia is hardly "in a unique position." ISVs have always had the option of integrating their update processes with Microsoft's system management software (Active Directory, SMS/SCCM, WSUS, et al). Most don't, however, as they would rather charge customers to use a proprietary solution.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?