Gosh, this sounds familiar. In my mainframe days, IBM used to issue monthly tapes with fixes. I've always thought that Microsoft should have taken more good ideas from IBM. In addition to monthly patches, this could also include stand-alone restore from tape or other media and support for real batch processing (not bolted-on scheduled tasks).
-- Doug C.
Run patches separately
While tedious, it is better to run patches separately and then check to see if the 'patch' broke any of your applications. Every patch needs to be fully removable, including DLLs. It also needs to be documented, as to what DLLs and files it changes. This way, if you have a custom app or an in-house developed app, you know what to fix. If a patch breaks something, you have the option to roll it back, you know what to look at and can quickly fix what it breaks.
-- Bill M.
Ask yourself whether once a month works for you with other safety measures:
I can't help but conclude you are always better off (a) receiving notification and forewarning of a problem as early as possible, and (b) investing the time to remedy a problem as early as practical.
-- David P.
Monthly patching not enough
On the issue of Once Monthly Patching, I would have to say the premise would be sound on a relatively stable and secure operating system. However, Microsoft's track record seems to show Windows does not fall into such a category. If the issue of patching were related solely to performance or function updates, monthly might be adequate. In our school district we have several hundred desktop units. In light of the recent outbreak of worms and viruses, we count ourselves fortunate not to have been affected more so than we were. Given these events, we may be forced to consider alternate operating systems. The investment of time to correct breaches is too great to ignore solutions other than Windows.
-- Bill B.
Windows is flawed
Perhaps this will outlaw me with the MS crowd, but a whole bunch of workstations can get infected in a month. Rushing to market with known OS flaws is never a good idea (for those of you who would ask what known flaws, buffer overflows and DCOM problems have existed since 95/98 releases), coming up with new ways to fix the problem on a large market share of customer machines is never something that will be done cleanly, smoothly, or completely.
-- Steve S.
Patch bundles needed
From my perspective, once a month patching works great. It's the critical vulnerabilities that tend to toss a monkey wrench into the patch management arena. As you mentioned, lo and behold, four vulnerabilities and one for Exchange come out. I really like the idea of cumulative roll ups (patch bundles have existed in the Unix world for a long time now), and it's about time Microsoft started thinking that way. The simplicity of downloading the most recent patch bundle for your OS version is very appealing to a distributed IT shop where desktop support becomes a factor in upgrades and deployment. It lowers my operational times and in turn the cost of support for the most part.
-- Steve N.
Once a month is best
I would welcome not having to apply individual patches all the time. Once a month would be much better than once a week. However, I'll believe it when I see it. As you said, Microsoft just issued the alert for four critical patches needed. I think the trend for frequent critical alerts will continue to occur, making the once a month basically useless.
-- Rob K.
Broadband patch site needed
For those people with broadband, patching at any frequency is doable. For those with a telephone modem, a large patch file is very inconvenient. Microsoft should have a site where people with broadband capability can download patches and provide these patches to telephone modem users. There is a very large population of telephone modem users who don't update because it is so inconvenient. I know! I am a volunteer teaching seniors to use the computer.
-- Henry U.