Poll: How often should Apple issue Security Updates?

Discussion in 'macOS' started by Doctor Q, May 11, 2006.

?

How often should Security Updates be issued?

  1. Immediately when any security problem is found

    33 vote(s)
    42.3%
  2. Only when a more serious security problem is found

    19 vote(s)
    24.4%
  3. Weekly or more often

    2 vote(s)
    2.6%
  4. Bi-weekly or semi-monthly

    6 vote(s)
    7.7%
  5. Exactly once a month

    4 vote(s)
    5.1%
  6. Every month or two (as Apple does now)

    12 vote(s)
    15.4%
  7. A few times a year

    0 vote(s)
    0.0%
  8. Annually or less often

    2 vote(s)
    2.6%
  1. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #1
    In an ideal world, Mac OS X would never need security updates. However, given the reality that they are necessary, Apple issues Mac OS X Security Updates every month or two, not on a regular schedule.

    If Apple issued them more often, they would close security holes more quickly, but the workload for users to download and install the updates would be increased.

    If Apple issued them less often, they would leave security holes open longer, but the workload for users would be decreased.

    What do you think the ideal balance should be?
     
  2. Applespider macrumors G4

    Applespider

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #2
    Is it really that tough to install a Security Update unless you're doing it across multiple business-critical machines when you likely have to test it?

    Wouldn't fixing piecemeal mean that it was less likely that they'd all been tested in conjunction with the other fixes? This way at least they can fix a batch, test they all work and release it.

    The only caveat to the current system should be if something is discovered which is majorly exploited - and which the fix is more or less ready for - when I'd like to see it rushed out. Let's hope it doesn't come to that.
     
  3. neocell macrumors 65816

    neocell

    Joined:
    May 23, 2005
    Location:
    Great White North
    #3
    Seems like they're doing a good job now. In the 4 or so years that I've had my Macs haven't had an issue at all. Maybe if some big problem came out they should patch it right away (option 2 I believe) but I don't think that they should only respond that way.

    By the way, I had to do a restart after installing the update and QT, but I don't remember seeing the little triangle icon thingy next to the updates :confused:

    Maybe I'm just going blind

    **EDIT**
    Definitely blind. Just did my PB and triangles were next to each :)
     
  4. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #4
    If downloading updates is too much "work" for you, then don't download the updates until you feel you can handle it. ...But for those of us who don't mind installing security updates, make them available to us as soon as they are ready.
     
  5. dejo Moderator

    dejo

    Staff Member

    Joined:
    Sep 2, 2004
    Location:
    The Centennial State
    #5
    I think this choice is misleading and makes it seem like Apple plans to release updates every couple months and will wait to release critical updates until that timeframe has passed. I don't believe that is the case. They will release updates sooner if necessary.
     
  6. ~Shard~ macrumors P6

    ~Shard~

    Joined:
    Jun 4, 2003
    Location:
    1123.6536.5321
    #6
    If a huge security issue arises, Apple should address it immediately, even if it's the day after a previous security update. If there are more minor issues, Apple should wait until they can release an update which addresses many of them, all together, as opposed to mulitple "1-fix" updates.

    I agree, it's a delicate, tricky balance for Apple.
     
  7. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #7
    You are correct that we can't claim to know how Apple balances seriousness and time. We know only that the time between their updates has been variable but typically in that frequently range, and that some updates include many more changes than others. So they clearly don't issue them as soon as they know of problems, and they also don't collect until a certain length of time has elapsed.

    Issuing them more often would add to the expenses for Apple, since each group of updates must go through internal testing before release.
     
  8. Togglehead macrumors 6502

    Joined:
    Mar 16, 2006
    Location:
    Jersey
    #8
    ASAP i say....that way it will most likely be a very minimal downlaod and install....

    therefore, Apple can leave the users liable for their own security paranoia....get me?

    Users cant complain to apple that there wasnt an update released, if it WAS released, and they just didnt bother to update....this would allow us anal users to downlaod them all the time
     
  9. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #9
    I'm of that opinion, too. There are some things that only a minority of users will ever see and may not even cause a real problem but only incovenience. However, high impact and pervasive fixes should be available before we read about them.
     
  10. janey macrumors 603

    janey

    Joined:
    Dec 20, 2002
    Location:
    sunny los angeles
    #10
    I completely agree, but that's not how things always work :)

    Half the problem is getting people to run software update and install the updates. i for one can't be arsed to do it more than twice a month at most, and don't want random restarts after automatic updates or anything like that.

    Also my biggest pet peeve about updates is that apple's differentiating between powerpc and intel archs for some of them (i.e. security updates and OS upgrades), which is a pain in the ass to be downloading ~500mb just to upgrade 4 macs (both ppc and intel) from 10.4.x to 10.4.6 if some of them automatically update and others manually update. Gives me less incentive to upgrade as soon as an update is out (i wait a few days to make sure crucial apps don't break, etc. anyway), because I need that bandwidth for other stuff :rolleyes: :D :eek:

    I have the latest security update and qt7.1 sitting in software update, can't be arsed to install.
     
  11. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #11
    I suppose you can't. Perhaps, Apple should make Mac OS X PowerPC-only and run it all through Rosetta. :p How is that for an incentive to do the two different kinds of updates?
     
  12. UKnjb macrumors 6502a

    UKnjb

    Joined:
    May 23, 2005
    Location:
    London, UK
    #12
    As often as necessary to ensure that the users are not exposed to 'threats'. Seems a simple choice to me. :confused:
     
  13. eva01 macrumors 601

    eva01

    Joined:
    Feb 22, 2005
    Location:
    Gah! Plymouth
  14. virividox macrumors 601

    virividox

    Joined:
    Aug 19, 2003
    Location:
    Manila - Nottingham - Philadelphia - Santa Barbar
    #14
    issue them as soon as you plugged the hole! i dont want a hafe baked attempt at fixing the problem, but i dont want to wait 6 months for an issue to be fixed in a big all in one fix! so far so good
     
  15. janey macrumors 603

    janey

    Joined:
    Dec 20, 2002
    Location:
    sunny los angeles
    #15
    Oh hells y....no! :p

    The downside to releasing security patches as problems appear is that there will be a flood of them, and that might reflect badly on Apple.
    I still think major security patches (like seriously critical problems that might compromise security in a really bad way) should be released as soon as possible, and all others every couple of weeks or whenever the next OS upgrade is. People aren't going to be openly exploiting small security holes...*knocks on wood*
     
  16. VanNess macrumors 6502a

    VanNess

    Joined:
    Mar 31, 2005
    Location:
    California
    #16
    Until actual, real, bonafide (not hypothetical, not imaginary, not theoretical) malware shows up despite Apple's present efforts to keep the platform secure (by occasional proactive patches and further improvements to the OS X security model via OS updates like 10.4) that signals the emergence of a genuine ongoing threat to the platform, then whatever means Apple is currently deciding to issue security updates is fine by me.

    The sky is still blue and the last time I checked the platform is still malware-free.
     
  17. Mitthrawnuruodo Moderator emeritus

    Mitthrawnuruodo

    Joined:
    Mar 10, 2004
    Location:
    Bergen, Norway
    #17
    Went with "Only when a more serious security problem is found", if they came out with every little patch for every little harmless problems many would be annoyed and even more people would be bored (maybe to the point where they turn off any automatic check for new updates just to stop the nagging).

    An alternative would be that all security patches where installed automatically, but just the thought of what a can of worms that could potentially be scares the pooh out of me...

    But, whenever Apple comes across a serious security risk I want a patch fast, and if they start finding them more frequently then just keep those patches coming... ;)
     
  18. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #18
    What if Apple gave us complete information about the severity of every patch, and then issued updates once or twice a week?

    We'd each be able to see a description like "hypothetical security issue" vs. "critical vulnerability" and each decide when we'd seen a serious-enough issue, or enough smaller accumulated issues, to warrant downloading and updating.

    We already make this choice to some extent, but we don't have enough information to make informed decisions. If we could, there could be more frequent security patches without a corresponding increase in how often we choose to apply them.
     
  19. Lollypop macrumors 6502a

    Lollypop

    Joined:
    Sep 13, 2004
    Location:
    Johannesburg, South Africa
    #19
    To bad apple cant do a hybrid sollution, no matter the severity of a security fix, if they can allow us to download a patch without having to restart or stop our work they should do it. Otherwise they should bring out a patch once a month, providing that there are patches. Every now and then an all inclusive security patch would be nice!
     
  20. sunfast macrumors 68020

    sunfast

    Joined:
    Oct 14, 2005
    Location:
    London
    #20
    I like to have holes patched promptly. However, an inexperienced user might be concerned if security updates appeared very regularly.
     
  21. ImNoSuperMan macrumors 65816

    ImNoSuperMan

    Joined:
    Dec 1, 2005
    #21
    You said it mate. Exactly what I was thinking. There`s no point in leaving Major harmful Loopholes unpatched for long. But then there`s also no point in releasing an update every now n then.

    I think Apple should go for Automatic updates at least in case of Security Updates. The updates are checked for n downloaded even without asking the user. And the user is notified once the update is installed. He can choose whenever to restart as he wish.
    On second thoughts, I dont know but such a feature may turn out to be the biggest Security Loophole ever:D . Downloading system files without even confirming the user:eek:
     
  22. Platform macrumors 68030

    Platform

    Joined:
    Dec 30, 2004
    #22
    I said as a problem is found, but I have to agree that the updates should not pop up every day but one a more regular basis but not wait to release an important update until the next tuesday :rolleyes:
     
  23. robbieduncan Moderator emeritus

    robbieduncan

    Joined:
    Jul 24, 2002
    Location:
    London
    #23
    Where is the sensible option:

    When they have a tested fix for the discovered problem.

    There is no point in rushing untested and probably buggy code out to "fix" a problem as soon as it is found. This will only result in wider ranging larger problems. It's far better to fully test the fix and make sure that it itself does not cause any security or other issues.

    If a security issue is not serious (say it requires physical access to the machine to take advantage) there is probably no need to release a patch immediately. If Apple reached the stage of releasing a patch every 2 weeks people would undoubtedly stop applying them when they were available leading to more Macs with unpatched serious bugs.
     
  24. Doctor Q thread starter Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #24
    That's the intended meaning of the "Immediately when any security problem is found" choice in the poll. Nobody wants fixes before they fix anything.
     
  25. Wellander macrumors regular

    Joined:
    Mar 24, 2006
    Location:
    Huntington Beach Ca
    #25
    Hi,
    I think everyday.
    zzzzWe all would have to run software update everyday of the week.
     

Share This Page