Microsoft XP SP2 (was Re: Lazy network operators - NOT)

Mon Apr 19 17:39:10 UTC 2004

** Reply to message from Drew Weaver <drew.weaver at thenap.com> on Mon,
19 Apr 2004 13:42:53 -0400

> -- Jeff said -- 
> 
> 
> Patches either need to be of a size that a dialup user doesn't have to
> be dialed in for 24 hours to download and install them.  Or .iso's
> should be available for ISP's to download, turn into CD's and
> distribute as appropriate. Wouldn't that be nice for a dialup user -
> getting Windows Update on a CD-ROM from their ISP?
> 
> To which I reply: 
> 
> 	It is somewhat unreasonable to think that ISPs should be responsible
> for the security of its users' systems on a systematic basis. 

Responsible? No.
Able to assist in maintaining that security (and thus that of the ISP's
network)? Yes. 

>Another reason
> the idea of a 'CD with updates' most likely wouldn't be effective is because
> by the time the ISP produced the CD, the user got the CD, and installed it,
> the patches would most likely not be the most recent available.

I can burn a CD from ISO in about 5 minutes - how about you? 
I'm talking about XP users who haven't even updated as far as SP1.
Win98 users who have never run an update in their life...  
Win2k users are usually the most patched up that I've seen - because
that went into mostly business environments. 
This would at least get them up to the level of the playing field,
where the routine updates are not as much of a hassle.  Sure, you'll
get the little old ladies and gentlemen who will drop by every month
for their service pack fix, but that's just customer service. 

> Also, do you
> realize how much the 'average technical school graduate type' makes just
> from acquaintances who complain that their computers are slow, by simply
> removing whatever "flavor of the month backdoor spam proxy virus" 

Ah, now you are talking about why I happily promote Ad-Aware and
Spybot. 

>I bet a
> good number of 'tech service calls' that companies such as PC On Call and
> people who service residences get could've been avoided by patching in a
> reasonable time period.

And your problem with the local ISP having this stuff available for
their users is? 

> 	However, awhile ago we tried an idea of sending out E-Mail alerts to
> our customers whenever a critical update of "Remote execution" or worse was
> released. We found that most of our users were annoyed by this, a different
> time we used a network sniffing tool to find a few dozen handfuls of your
> average home Dial-Up users who were infected with various malicious agents
> (I.e. Nimda, et cetera) and we actually contacted those users, to let them
> know and again we were met with more hostility. 

You definitely don't have our customers then.  Our usually appreciate
being told that their systems are screwed up. 

> 	From this interesting pattern I would surmise that users want their
> ISPs to be hands-off unless the problem that they're causing is effecting
> them directly. End users on the Internet see their connectivity as a right,
> and not a privilege. I remember when I was 13 (that was only 11 years ago)

Some of ours are like that. Most seem to realize their limitations and
are happy to know that at some level we are looking out for them. BTW,
for me 13 was many more years ago than that... RTM wasn't even in
college yet, I imagine. 

> and I signed up for my Freenet account at the Columbus Public Library (I
> believe it was, ? still is? Through OSU), they really made me feel like it
> was a privilege to be using the Internet, and I honored that.

Dial-up, or using their systems at the library? And you weren't paying
for the privilege, at least not directly. 

> Its just difficult to explain from a professional level what the effects
> these peoples' behavior (or lack there of) is having on the rest of the
> community. Think of it like people who drive monster SUV's, they can afford
> the gas, and the insurance so they don't believe that the harm that these
> beasts do to our environment matter, because again its their god given right
> to drive them.
> 
That's a whole 'nuther horse to kill there.
-- 
Jeff Shultz
Network Technician
Willamette Valley Internet