On Mon, 5 Jul 2004, Alun Jones wrote: > The immediate patch carries maximum risk, and the perfect patch requires > unconscionable amounts of time to verify its correctness. Between those two > endpoints, however, you'll find a huge variance in what is acceptable risk > of damage from a patch versus acceptable delay to test. And unfortunately, > neither of those two values is a) measurable, or b) the same for each user. That's true. However, Microsoft has a much higher record of patches that break things than most other vendors. I don't believe that's because the people who write the patches are less competent, but I do believe it's because they are patching a horribly-designed system. Microsoft has bundled together so much stuff and interconnected so many applications with parts of the operating system that the system is extremely fragile, and any change is likely to have unforseen side effects. I can't recall ever installing a Linux vendor patch that has broken anything on my systems (I'm sure it has happened, just not to me.) That's because the various bits of Linux (or UNIX for that matter) are quite isolated: The windowing system runs as a normal user process; the Web browser is not "part of" the operating system; and filenames do not have magical side effects (.exe != chmod a+x), to name a few problems with Windows. I believe Microsoft is plagued with security problems and its patches are plagued with breakage problems because Windows is just a mess. Regards, David.
