Sun Java security updates/ Windows software update rant…



Incidents.org has the story on Sun’s release of new versions of the Java Runtime Environment and the Java SDK to fix some remote security vulnerabilities.

These security vulnerabilities could allow malicious, untrusted code to compromise a user’s computer. Sun recommends that users update to the newest version of the SDK and JRE available at http://java.sun.com .

Secunia advisory


It would be nice, REAL nice, if there was SOME sort of unified, certifiable, trusted repository for companies to upload security fixes to for Windows software (browser plugins, media players, etc.). Think about it. Linux distributions usually ship more than an OS: they ship the operating system, an office suite, browser plugins, games, educational software, etc. But they also provide a way to get security updates for any of the above if applicable, usually from a central updates repository (or a mirror).

Wouldn’t it be nice IF there was some sort of Windows Update site that would allow you to choose (or scan for) different software channels to update, instead of just Microsoft software as the current Windows Update does… Say it would scan to see if you needed any updates from the Adobe channel, or the Sun channel, or the Mozilla channel. The big problem is that most of these are Microsoft’s competitors, so it would have to be a third-party site, and license restrictions would likely prohibit the redistribution.

What if you didn’t redistribute though? What if you merely had a website where you could select (or have a downloaded program scan for) update sources (Adobe, Macromedia, RealNetworks, etc.) and updates could be automatically selected for you? Maybe even offer the choice of security updates only or major updates. Then the site could pull the download directly from the third-party (Adobe/Macromedia/whoever) site. I don’t see HOW any publisher in their right mind wouldn’t want something like this to work. Security updates for EVERY level of software seem to be an essential part of keeping a system secure, and with software from multiple vendors it gets to be a nightmare.

I guess I’m just wondering how Joe User is supposed to be expected to keep up with all this? Corporations have money to spend on IT departments and have them control what’s deployed to desktops; updates there can be done site-wide by editing a login profile. How does somebody with 45 different apps preinstalled on their machine, who is not quite sure what any of them do, deal with this?

I have seen some recent improvements. I’ve seen one software installer that has an autoupdate feature that checks for updates for all software packaged with that installer. Not a bad idea, not unified though – what if you had one running in the background all the time for all the different software packagers… (?) anyway…. done ranting…. I guess that was one reason I was glad to hear of the Mozilla-Firefox 1.5 feature of auto-updates…
