Poll: How often should Apple issue Security Updates?

[Doctor Q]

In an ideal world, Mac OS X would never need security updates. However, given the reality that they are necessary, Apple issues Mac OS X Security Updates every month or two, not on a regular schedule.

If Apple issued them more often, they would close security holes more quickly, but the workload for users to download and install the updates would be increased.

If Apple issued them less often, they would leave security holes open longer, but the workload for users would be decreased.

What do you think the ideal balance should be?

 

[Applespider]

Is it really that tough to install a Security Update unless you're doing it across multiple business-critical machines when you likely have to test it?

Wouldn't fixing piecemeal mean that it was less likely that they'd all been tested in conjunction with the other fixes? This way at least they can fix a batch, test they all work and release it.

The only caveat to the current system should be if something is discovered which is majorly exploited - and which the fix is more or less ready for - when I'd like to see it rushed out. Let's hope it doesn't come to that.

 

[neocell]

Seems like they're doing a good job now. In the 4 or so years that I've had my Macs haven't had an issue at all. Maybe if some big problem came out they should patch it right away (option 2 I believe) but I don't think that they should only respond that way.

By the way, I had to do a restart after installing the update and QT, but I don't remember seeing the little triangle icon thingy next to the updates

Maybe I'm just going blind

**EDIT**
Definitely blind. Just did my PB and triangles were next to each

 

[EricNau]

If downloading updates is too much "work" for you, then don't download the updates until you feel you can handle it. ...But for those of us who don't mind installing security updates, make them available to us as soon as they are ready.

 

[dejo]

Every month or two (as Apple does now)

I think this choice is misleading and makes it seem like Apple plans to release updates every couple months and will wait to release critical updates until that timeframe has passed. I don't believe that is the case. They will release updates sooner if necessary.

 

[~Shard~]

If a huge security issue arises, Apple should address it immediately, even if it's the day after a previous security update. If there are more minor issues, Apple should wait until they can release an update which addresses many of them, all together, as opposed to mulitple "1-fix" updates.

I agree, it's a delicate, tricky balance for Apple.

 

[Doctor Q]

I think this choice is misleading and makes it seem like Apple plans to release updates every couple months and will wait to release critical updates until that timeframe has passed. I don't believe that is the case. They will release updates sooner if necessary.

You are correct that we can't claim to know how Apple balances seriousness and time. We know only that the time between their updates has been variable but typically in that frequently range, and that some updates include many more changes than others. So they clearly don't issue them as soon as they know of problems, and they also don't collect until a certain length of time has elapsed.

Issuing them more often would add to the expenses for Apple, since each group of updates must go through internal testing before release.

 

[Togglehead]

ASAP i say....that way it will most likely be a very minimal downlaod and install....

therefore, Apple can leave the users liable for their own security paranoia....get me?

Users cant complain to apple that there wasnt an update released, if it WAS released, and they just didnt bother to update....this would allow us anal users to downlaod them all the time

 

[bousozoku]

If a huge security issue arises, Apple should address it immediately, even if it's the day after a previous security update. If there are more minor issues, Apple should wait until they can release an update which addresses many of them, all together, as opposed to mulitple "1-fix" updates.

I agree, it's a delicate, tricky balance for Apple.

I'm of that opinion, too. There are some things that only a minority of users will ever see and may not even cause a real problem but only incovenience. However, high impact and pervasive fixes should be available before we read about them.

 

[janey]

However, high impact and pervasive fixes should be available before we read about them.

I completely agree, but that's not how things always work

Half the problem is getting people to run software update and install the updates. i for one can't be arsed to do it more than twice a month at most, and don't want random restarts after automatic updates or anything like that.

Also my biggest pet peeve about updates is that apple's differentiating between powerpc and intel archs for some of them (i.e. security updates and OS upgrades), which is a pain in the ass to be downloading ~500mb just to upgrade 4 macs (both ppc and intel) from 10.4.x to 10.4.6 if some of them automatically update and others manually update. Gives me less incentive to upgrade as soon as an update is out (i wait a few days to make sure crucial apps don't break, etc. anyway), because I need that bandwidth for other stuff

I have the latest security update and qt7.1 sitting in software update, can't be arsed to install.

 

[bousozoku]

I completely agree, but that's not how things always work

Half the problem is getting people to run software update and install the updates. i for one can't be arsed to do it more than twice a month at most, and don't want random restarts after automatic updates or anything like that.

Also my biggest pet peeve about updates is that apple's differentiating between powerpc and intel archs for some of them (i.e. security updates and OS upgrades), which is a pain in the ass to be downloading ~500mb just to upgrade 4 macs (both ppc and intel) from 10.4.x to 10.4.6 if some of them automatically update and others manually update. Gives me less incentive to upgrade as soon as an update is out (i wait a few days to make sure crucial apps don't break, etc. anyway), because I need that bandwidth for other stuff

I have the latest security update and qt7.1 sitting in software update, can't be arsed to install.

I suppose you can't. Perhaps, Apple should make Mac OS X PowerPC-only and run it all through Rosetta. How is that for an incentive to do the two different kinds of updates?

 

[UKnjb]

As often as necessary to ensure that the users are not exposed to 'threats'. Seems a simple choice to me.

 

[eva01]

When they are needed

 

[virividox]

issue them as soon as you plugged the hole! i dont want a hafe baked attempt at fixing the problem, but i dont want to wait 6 months for an issue to be fixed in a big all in one fix! so far so good

 

[janey]

I suppose you can't. Perhaps, Apple should make Mac OS X PowerPC-only and run it all through Rosetta. How is that for an incentive to do the two different kinds of updates?

Oh hells y....no!

The downside to releasing security patches as problems appear is that there will be a flood of them, and that might reflect badly on Apple.
I still think major security patches (like seriously critical problems that might compromise security in a really bad way) should be released as soon as possible, and all others every couple of weeks or whenever the next OS upgrade is. People aren't going to be openly exploiting small security holes...*knocks on wood*

 

[VanNess]

Until actual, real, bonafide (not hypothetical, not imaginary, not theoretical) malware shows up despite Apple's present efforts to keep the platform secure (by occasional proactive patches and further improvements to the OS X security model via OS updates like 10.4) that signals the emergence of a genuine ongoing threat to the platform, then whatever means Apple is currently deciding to issue security updates is fine by me.

The sky is still blue and the last time I checked the platform is still malware-free.

 

[Mitthrawnuruodo]

Went with "Only when a more serious security problem is found", if they came out with every little patch for every little harmless problems many would be annoyed and even more people would be bored (maybe to the point where they turn off any automatic check for new updates just to stop the nagging).

An alternative would be that all security patches where installed automatically, but just the thought of what a can of worms that could potentially be scares the pooh out of me...

But, whenever Apple comes across a serious security risk I want a patch fast, and if they start finding them more frequently then just keep those patches coming...

 

[Doctor Q]

What if Apple gave us complete information about the severity of every patch, and then issued updates once or twice a week?

We'd each be able to see a description like "hypothetical security issue" vs. "critical vulnerability" and each decide when we'd seen a serious-enough issue, or enough smaller accumulated issues, to warrant downloading and updating.

We already make this choice to some extent, but we don't have enough information to make informed decisions. If we could, there could be more frequent security patches without a corresponding increase in how often we choose to apply them.

 

[Lollypop]

To bad apple cant do a hybrid sollution, no matter the severity of a security fix, if they can allow us to download a patch without having to restart or stop our work they should do it. Otherwise they should bring out a patch once a month, providing that there are patches. Every now and then an all inclusive security patch would be nice!

 

[sunfast]

I like to have holes patched promptly. However, an inexperienced user might be concerned if security updates appeared very regularly.

 

[ImNoSuperMan]

If a huge security issue arises, Apple should address it immediately, even if it's the day after a previous security update. If there are more minor issues, Apple should wait until they can release an update which addresses many of them, all together, as opposed to mulitple "1-fix" updates.

I agree, it's a delicate, tricky balance for Apple.

You said it mate. Exactly what I was thinking. There`s no point in leaving Major harmful Loopholes unpatched for long. But then there`s also no point in releasing an update every now n then.

I think Apple should go for Automatic updates at least in case of Security Updates. The updates are checked for n downloaded even without asking the user. And the user is notified once the update is installed. He can choose whenever to restart as he wish.
On second thoughts, I dont know but such a feature may turn out to be the biggest Security Loophole ever . Downloading system files without even confirming the user

 

[Platform]

I said as a problem is found, but I have to agree that the updates should not pop up every day but one a more regular basis but not wait to release an important update until the next tuesday

 

[robbieduncan]

Where is the sensible option:

When they have a tested fix for the discovered problem.

There is no point in rushing untested and probably buggy code out to "fix" a problem as soon as it is found. This will only result in wider ranging larger problems. It's far better to fully test the fix and make sure that it itself does not cause any security or other issues.

If a security issue is not serious (say it requires physical access to the machine to take advantage) there is probably no need to release a patch immediately. If Apple reached the stage of releasing a patch every 2 weeks people would undoubtedly stop applying them when they were available leading to more Macs with unpatched serious bugs.

 

[Doctor Q]

Where is the sensible option:

When they have a tested fix for the discovered problem.

There is no point in rushing untested and probably buggy code out to "fix" a problem as soon as it is found.

That's the intended meaning of the "Immediately when any security problem is found" choice in the poll. Nobody wants fixes before they fix anything.

 

[Wellander]

Hi,
I think everyday.
zzzzWe all would have to run software update everyday of the week.