I am over pointing fingers at Microsoft for having buggy, vulnerable code. As we see the tremendous effort they are putting forth to secure their OS and applications we are all slowly coming to understand that it is truly not their fault. They are doing just about all that is possible, short of breaking up the company, to counter and contain the monster they have created. Even the switch to monthly updates, which have become a part of life for system administrators everywhere, dubbed Patch Tuesday, is starting to fail with mid-month updates to counter vulnerability Wednesday announcements from so-called security researchers.
Next Tuesday, October 10th, Miscrosoft is announcing yet another passel of patches: six for Windows, four for Microsoft Office, and one in .NET. ( I am hosting a discussion of the patches and how to respond over at BlueLane on Thursday. Sign up for free here)
Next month the first versions of Vista are going to ship to enterprises. By mid next year Vista will be readily available and within three years it will have penetrated to about 50% of all computers. What effect will that have on Patch Tuesday? Cyber crime? New worms and viruses? None. Nada. Nyet.
My prediction: There will be critical security updates to Vista the second Tuesday of the first month after it is released. The cycle of continuous bugs, vulnerabilities and updates will not be impacted, it will even be exacerbated, by Vista.