Friday, 10 September 2010

Windows Update Navigation of Security Update Descriptions: rant

"Security Update for Windows Server 200x (KB123456)
Typical download size: nnn KB , 1 minute 
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.  Details... "

Don't you just get tired of reading this same old message... Open up the description of any 'Security Update' in Windows/Microsoft Update and this is what you see... These messages are really so unhelpful... you'd have thought that Microsoft would have done something to alter such useless metadata over the last 5 years or so...

Then seriously... Do something about those 'Details' links... They ALL take you to this:-

Security Update for Windows Server 200x (KB123456)
Date last published: x/xx/20xx
Typical download size: nnn KB  
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system. 
System Requirements
Recommended CPU: Not specified.
Recommended memory: Not specified.
Recommended hard disk space: Not specified. 
How to Uninstall
This software update can be removed via Add/Remove Programs in Control Panel. 
Get help and support
http://support.microsoft.com 
More information

http://go.microsoft.com/fwlink/?LinkID=........

Finally? ... click on the link at the bottom of that window... and read what it's all about?  Not quite .. you still have to trail through confusing natter about 'attackers' and 'exploits' and 'vulnerabilities' to find out why... and since it all looks the same it's so hard to read anything... 

Suggested example of description of Security Update for Windows Server 2003 (KB2286198): 
Critical: When attempting to load the icon of a shortcut, the Windows Shell does not correctly validate specific parameters of the shortcut.  This may allow a remote attacker to take control of an affected system.
Details...(direct link to /bulletin/MS10-046.mspx)

Do I want to click on Details?  No... I don't want to open two more browser windows, and wade through expandable regions of text looking for the description of the update... 

Sort it out...

No comments:

Post a Comment