patchMicrosoft Tuesday?

Oh you savvy dog, you! You already know that it is the first Tuesday of every month when Microsoft (MS) releases all those security patches and other fixes… Microsoft wants to make your operating system and other MS products more secure and more functional.  Monthly and Free? More secure and more functional? Yep. That sounds pretty good of Microsoft, don’t you think?

What’s that you ask? All those fixes every month? Uh – Why can’t Microsoft make their products strong and secure right from the start? Hmmm. You weren’t supposed to go in that direction. But you know, those are really good questions! So, let’s see what we can dig up on them. Let me caution you though, to not get your hopes up too high for satisfying answers. Remember, this is the company that made you go to their Start Button to Shut Down your computer… Oh, and speaking about satisfying, wait till you hear about Exploit Wednesday

OK – why are there so many patches that last the lifetime of the software product? Why can’t software be created correctly before it is sold? Let’s oversimplify this answer just to keep it under 100 pages – and blame it on business rules and competition.

Consider the old Vista Operating System as an example. It is estimated Vista has around 50 million lines of code! That’s a bunch of code. Ideally it would be sold with no errors in those 50,000,000 lines of code. Now let’s pretend that quality control parameters allow only .5% margin of error in the code. That seems like a very tight margin of error – until you do the math. At even that small margin, a still very usable Vista Operating System could go to market with some glitches – theoretically, a possible 250,000 lines of code with error, according to that business rule!  Whoa, that’s a lot of fleas left on the dog!

And consider the notion that Microsoft, with a penchant for being the first to get to market with all their products, allows the post-beta testing phase of their products to be done by us, the consumer public. In other words, the company allows the product’s users to find those “possible” errors. The public then reports the errors back to Microsoft so that MS can, in turn, release patches and fixes to correct those errors.   Actually, pretttty clever… Think of the savings in time and costs for the company by letting the using public discover those errors/glitches that reached the post-beta testing phase.

Another “Hmmmm” you muse… “Could some of those users actually be cyber bad guys?” you ask.   Bingo again, you savvy dog, you.  It is usually the exploit from the cyber bad guys rather than the software errors reported by the using public that generate the required patches and fixes.

“But that kind of turns around my concept of releasing patches” you muse again. “I mean, the patches seem more reactive than pro-active”, you pant out loud! “That’s a really scary thought to think through. My computer is vulnerable all the time, it seems! I have to hope the next exploit won’t hit my computer while I have to wait for the patch/fix to be released so I can be safe from the last exploit but not the next one. And looking at the fact that the releases are monthly for the last 10 years…” Yeah, Browsing Bowser.  Makes the hair on my neck stand up, too…

 But are you starting to understand why immediately applying patches and fixes is essential not only to your security but also to slowing down the damage done by exploiters?  

Which takes me to Exploit Wednesdays

I’ll bet you already have a notion about this day, too! You are right if you think it is the Wednesday following Microsoft Tuesday! Cyber bad guys have talented code developers, too, who wait for the MS patches to be released on Microsoft Tuesday so that they can analyze the newly released patches and find ways to create new exploits. So the next day, Wednesday, or soon thereafter more exploits show up in the cyber world. And not to waste any opportunity, these exploiters use the monthly release schedule to their advantage – they know it will be at least a month before any patch will be released against them if they release their exploit on or near Exploit Wednesday

Software Exploits.

Exploited Users.

Microsoft Tuesday.

Exploit Wednesday.

Patch as Fast as Possible Thursday.

DogGoneComputers Rule Friday!

PS. All software manufacturers release patches and fixes as well, including Apple. So let’s be fair to Microsoft and include them all in this scenario…