Newsletter Archives

  • Cimpanu: Most significant security events of the 2010s

    Catalin Cimpanu on ZDNet has a fascinating article detailing the “most important data breaches, cyber-attacks, and malware strains of the last decade” — a lengthy list of malware milestones.

    Something struck me as I was reading the list. I couldn’t find one, single piece of Windows-based malware that appeared soon after Microsoft posted a related cumulative update. Not one.

    I know — and a Microsoft study backs me up — that, in recent years, the chances of getting infected shortly after a security patch appears are very tiny. But I didn’t realize that the pattern has held true for a decade.

    Can you prove me wrong? Is there any significant piece of malware in the past decade that appeared shortly after the related cumulative update? For the sake of argument, let’s say “shortly” = 3 weeks or so. If you can find one, I’d sure like to hear about it.

  • The case against knee-jerk installation of Windows patches

    I finally had a chance to put together a manifesto for a heretical position I’ve taken publicly for more than a decade:

    Windows Automatic update is for chumps

    Yes, you have to get patched sooner or later (although Group W holdouts will disagree), your Sainted Aunt Martha should be on auto updates, and a tiny number of patches have to go in right away. But in the vast majority of cases, for the vast majority of people, installing patches as soon as they roll out just doesn’t make sense.

    Unless you have a staff charged with vetting patches, it’s much smarter to crowdsource patch beta testing. Don’t get pushed into blindly taking what comes out the auto update chute.

    Details in Computerworld Woody on Windows.