I think it's important to note that this is the third time this year, and second in a week, in which inherent architectural weaknesses in the Microsoft Windows operating system and applications infrastructure have brought the Internet to its knees, generating international headlines. I listen to the BBC and monitor news in a number of countries. This is not just US stuff.

It's worth pointing out that Microsoft's solution to securing its Microsoft-OS supported Windows Update website was bog-standard.

They unplugged it.

It's nice to know we now have a Microsoft SOP for securing a Microsoft website.

Problems with patching. You enumerate several. I'll list some more.

- Most significantly: it doesn't work. In the case of Slammer, one [link|http://www.robertgraham.com/journal/030126-sqlslammer.html|excellent analysis] by Robert Graham notes that even 100% patch compliance of MS SQL Server boxes wouldn't have been sufficient -- because the vulnerability largely affected desktop, not server systems (he also dryly notes that virtually everything you read about Slammer is wrong). For a given office or datacenter, a single infected host would effectively take down the entire network. Patch compliance of 100% is not economically or practically possible. Patching security holes is a misguided security solution. Systems must be secure by design, networks must minimize exposed services, and both development and usage patterns must emphasize security. This means not opening ports, and opening them only to local traffic when they are opened.
- Microsoft builds monolithic systems. "Integrated" is a codeword for "no choice" and "deeply entwined". Systems aren't modular, they are complex, and patches are likely to break things.
- Microsoft security updates are themselves monolithic. Rather than applying a specific fix to a specific problem, updates address a large list of ills, many of them of no particular use to a specific service or Internet application.
- MS Outlook and MS Exchange are two application monocultures with exceptionally poor security records. They're also at the heart of the MS end-user platform "stack", near-impossible to remove, particularly in corporate environments. Though there are those who live quite happily without them. I'll second your recommendation of Mozilla.
- It's not possible to back out updates. Applying them is a leap of faith in Microsoft.

There's probably more, but I'm running out of neurons.

Under the "how to protect yourself" section, you don't advocate an OS switch, though this is implied from the overall tenor of the article. Any reason why not?

I'm also curious about your comment on OS/2 and worms. I thought MS Windows code can run on OS/2. Or can't it?