Every month we see the same pattern: Microsoft releases its Patch Tuesday regimen; the blogosphere flies into a frenzy about security holes that have to be patched right now; some patches have bugs; Microsoft fixes many of them in a week or two, warns about others, and stays mum on far too many.

Normal Windows users are left in the lurch. On the one hand, you have the threat of imminent malware mayhem. On the other, you have the threat of poorly tested patches. Wash. Rinse. Repeat.

It’s been like that for years. Don’t believe it? Computerworld has month-by-month details for the past three years starting here.

Meanwhile, the raging zero-days — the patches that are released with known in-the-wild exploits — make for great headlines. But they rarely, if ever, find their way into working exploits right away. It takes months, or even years, for new exploits to appear in malware that affects you and me. 

If you’re working with nuclear launch codes or top secret government communication, it’s another story, of course. But for normal people, the threat from bad patches greatly exceeds the threat from freshly patched security holes.

To be sure, you have to get patched eventually. Some systems at high risk (for example, Windows DNS Servers two months ago) need to be patched right away. But for the vast majority of Windows users, waiting a couple of weeks to get the latest patches applied doesn’t hurt a bit — and it gives Microsoft a chance to fix the bugs they invariably introduce.

Copyright © 2020 IDG Communications, Inc.
