Security fixes - at what cost?


JCH

I continue to be amazed at the never ending stream of Windows OS fixes to
remedy newly discovered "vulnerabilities." I often wonder, and I'll put
this out as a question for those who might know, what are the trade-offs for
these fixes? In other words, I'm glad that my XP is becoming more secure
(at least until a few hours later when the next potential vulnerability
surfaces), but how are these fixes affecting the performance of my OS? Am I
losing some feature(s) that I didn't know about? Is the efficiency of the
system suffering because of the endless security patching? I just wonder
what these patches do not in terms of protecting my PC, but in terms of
their effect on system performance and functionality. I don't believe I see
a noticeable difference but then I haven't run a benchmark on pre- and post-
patching.  Just curious...  Are these patches passive, only coming into
play when a certain set of circumstances (a hack attempt) arise?
 
Broad question(s) with no fixed or easy answer. Typically security patches
are performance neutral although there was one a couple of months ago that
hammered some systems in some instances. However there is a possibility that
some application you have may be depending on an unpatched flaw, directly or
indirectly, and may stop working when the loophole is patched. Word on the
street is that appears to have happened with one of Google's task bar add
ons and that rather recently. In fact a lot of the application compatibility
issues with 9x applications on XP revolve around unsafe programming
practices. Now that XP has closed down some of the loopholes in 9x registry
and directory structure handling, these apps are rendered dysfunctional.

Do you actually need *all* the security patches being made available? That's
tricky to answer. Technically no. When a patch is offered you can look to
see what's impacted, why it's being offered and then decide whether or not
you're actually personally affected. The problem is that if your usage
habits change in the future and you start using one of the features with the
exposed vulnerability then you will need to patch up if you haven't already.
Another potential issue may arise if a given patch has any dependency on
another, in which instance you'll be forced into installing the earlier
patch.


--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp
 
It depends somewhat on the environment you are in and your usage patterns.
If you are a home user, don't do any file sharing by which I mean you don't
use file share networks, stay out of IRC chat, then as long as you have
antivirus software that you keep up to date, a firewall and certainly a
router if you are on a broadband connection, that should be all you need.

Trade offs, probably not much in the way of performance, XP is pretty robust
but there have been issues from time to time where various patches blew out
some other part of the OS and that's always a risk.

These patches are meant to address exploits that are found as hackers
continually test the system and, for the most part, they are going after
servers though if you are on a broadband connection, they do like to try to
hijack your system for their own purposes, mostly to cover their own tracks
when it comes to sending spam or porn so they can't easily be traced.

If you are in an enterprise environment, some multi-desktop client/server
network, then regardless of firewalls and/or any hardware tools, it is plain
stupid not to patch against known exploits which is what these security
patches are designed to protect against. Any SysOp that doesn't install any
and all such patches when exploits become known and fixes available should
be fired. And that's certainly true of setups that are Internet servers or
act as such and all webmasters and SysOps who handle web sites and web
servers.
 
I continue to be amazed at the never ending stream of Windows OS
fixes to remedy newly discovered "vulnerabilities." I often wonder,
and I'll put this out as a question for those who might know, what
are the trade-offs for these fixes? In other words, I'm glad that my
XP is becoming more secure (at least until a few hours later when the
next potential vulnerability surfaces), but how are these fixes
affecting the performance of my OS?



There's never any guarantee, of course, but by and large there's
no effect on performance (or an effect small enough that it's not
noticeable).

There are exceptions, of course. There was a so-called critical
update a few months ago that dramatically hurt performance on
many people's machines. It was withdrawn, and a replacement
issued later.

So my view is that there's normally nothing to worry about here.
It's more important to close security loopholes than to worry
about a possible rare occurrence of a performance problem.
 
When I receive notice of any patches I always read everything about it
before deciding if it applies to my system or not. There have been several
that really apply to servers or networked machines and mine is a stand
alone machine with dial-up connection, a firewall, antivirus protection,
spyware program and I never open anything without checking it first. I don't
download all updates, just ones I think apply to me <g>
Joan
 