Windows patch management is a little like taking out the trash or cleaning the toilets: It's not fun, but it has to be done. Most of the network administrators I know seem to approach it in one of three ways:
- Avoidance: they put it off as long as possible and then rush through it as quickly as they can.
- Automation: they turn on Windows Update's automatic update feature on all the machines, "set it and forget it" (which is really just another form of avoidance) and pray that they won't encounter any incompatibilities.
- Overkill: they set up an elaborate patch management programme that involves personally trying out every patch in a test bed environment on an exact replica of every one of their production servers and then using expensive and complex deployment servers to apply the patches, after running complete and comprehensive vulnerability scans on each system to document exactly which patches are missing — in essence, making patch management a full-time job.
Whether your network is a small business workgroup or a multi-domain enterprise, keeping the systems on your network properly updated is absolutely essential. New operating system and application vulnerabilities are being discovered every day, and as soon as a vulnerability is made public, someone, somewhere will find a way to exploit it. Avoidance isn't the answer
Avoidance isn't the answer, but it's most common among administrators of small networks — the ones that are least likely to have adequate fault tolerance measures and other security solutions in place and thus stand to lose the most — at least, as a percentage of their revenues — if their systems are hit.
To be effective, your patch management plan must be timely and continuous. Unfortunately, as with any type of preventative maintenance, it's easy to put it off because you're always busy taking care of more immediate problems. That means some type of automation is almost inevitable.
Talkback
So microsoft are putting Window's 2000 on the shelf just like they did with 98,But what about XP . Are they going to dump that op as well , i doubt it because for some reason, Microsoft think that XP is the best of the best, I DON'T THINKSO. I have found that using Windows 2000 is more stable than XP and doesn't freeze or crash as much and it's easier to use interface is better than XP , that's my opinion anyway,considering the fact that in the time i have used XP it has crashed several times causing me to do a format,this week alone i have had to reformat one of my hard drives ( which uses XP ) three times.So you can understand how angry i am at finding out that Microsoft are ditching 2000 for the sake of XP which in my mind is a bunch of cod's wallop so there.