Would it be that hard to have windows update check to see the version of SQL server? Its sad but I know a lot of MS admins only use windows update to check for updates because awhile ago Microsoft pushed it as the premier method of which to update your systems. Im just saying if they included all fixes in one spot instead of halfway automating it and halfway making it cryptically difficult it would benefit everyone. -Drew -----Original Message----- From: Jack Bates [mailto:jbates@brightok.net] Sent: Tuesday, January 28, 2003 10:36 AM To: ekgermann@cctec.com; Leo Bicknell; nanog@merit.edu Cc: Eric Germann Subject: Re: What could have been done differently? From: "Eric Germann"

Not to sound to pro-MS, but if they are going to sue, they should be able

to

sue ALL software makers. And what does that do to open source? Apache, MySQL, OpenSSH, etc have all had their problems. Should we sue the nail gun vendor because some moron shoots himself in the head with it?

With all the resources at their disposal, is MS doing enough to inform the customers of new fixes? Are the fixes and lates security patches in an easy to find location that any idiot admin can spot? Have they done due diligence in ensuring that proper notification is done? I ask because it appears they didn't tell part of their own company that a patch needed to be applied. If I want the latest info on Apache, I hit the main website and the first thing I see is a list of security issues and resolutions. Navigating MS's website isn't quite so simplistic. Liability isn't necessarily in the bug but in the education and notification. Jack Bates BrightNet Oklahoma