NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 2003-q3

Re: Microsoft Numbering System

From: Mark L. Jackson (codewizardHOTPOP.COM)
Date: Mon Sep 29 2003 - 15:24:11 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 09:10 AM 9/18/2003 -0500, you wrote:
> > -----Original Message-----
> > Can't M$ just use ONE and only ONE numbering system so that
> > fewer people, like me, will get confused? This is certainly
> > one of the many things that M$ needs to put some of its
> > effort in its continuous improvement.
>
>What you're asking for is that all the detailed information, for several
>different products and several different downloads, should be stuck into one
>massive document. I'd see that as making things _more_ confusing, not less.

Not true at all. The rapidity with which M$ is shoving XML down our throats
should have fixed this problem long ago. If M$ is so sure that your can use
Office as a front end (because of XML attaching to back end databases) then
this is a perfect way to prove it.

The document could be an Excel spreadsheet or an I.E. webpage that shows in
Explorer (with folder view); listing the patches in the order of your
choice. Each cell would be a link to the KB article, the download site, and
indicator for installed/not, etc... This could all be done with an XML
schema, and having Office or Explorer attache to say windowsupdate.com
(when it works).

If M$ can build an XML schema to run hfnetchk then it could just as easily
be done inside of Office. Considering that M$ does only those things that
keep you in the corral, this would be a great way to do it. You would have
to have Office installed and legal, I.E. would be your default browser; and
only then would they patch your machine. The alternative (to 'look' like
they are not being monopolist) would be to have something similar to what
they have now. A confusing, ill-planned, and sometimes useless site for
downloading patches. Of course you would need a passport to get into it.

The backend would take time to set up, but if security and their customers
are ' job 1' then it should be done. Or (are you listening M$) if locking
customers in to M$ software is ' job 1' (and it is) then they should
implement this immediately. Of course they could just keep us on the
upgrade treadmill.

As for numbering that is easily solved.

issuenumber-productid-subproductid-version.incremental

An example would be 123456789-2k-sbs-3.4

123456789-KB - the knowledge base article
123456789-9x - 9/5-8 specific info
123456789-NT- NT specific info
123456789-2k - 2000 specific info
123456789-XP - XP specific info
123456789-03 - 2003 specific info
123456789-off - Office
123456789-vis - visio
123456789-wrd - word
123456789-xcl - Excel
123456789-ppt - Powerpoint
123456789-SMS - SMS
123456789-sim - flight sim
etc.....

Everything would key off the issue number. So if you put this on the web
site, the URL would look something like this:
fix.microsoft.com/aspx?123456789. This page would have links to the
article, the patch for each systems affected. Using frames the page could
display in the left frame with a drop down or ordered list that would open
in the right frame. Or they could use the current technet setup and have
the left frame display the issue numbers and would select yours and open
the list showing the separate d/l pages underneath, with the KB article in
the right frame.

>The security bulletin tells you what the general effect of the bug is, what
>software is affected by it, and how critical it is. It includes a link to
>more detailed information and patches for each of the software versions
>affected. How is this confusing?

Bit condescending there, Alun. Fact is it is never that simple. Ignoring
the fact that several issues are in fact under different numbers you have
the problem of different people using different references, even on this
list. If I don't know the Security Bulletin I.D. then how would I find the
info? Have you tried to search for information on the techenet/support/msdn
sites? It sucks. What if I have been given the patch number? Have you tried
following the numbers backwards. It is not that easily done. I have on
several occasions been met with 404 on a page, or the notorious error page
generated by I.E. about checking MY connection. Or worse been given a bad
number only to spend hours trying to match the system to a patch which
might not even exist.

>Alun.
>~~~~

----
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to

http://www.trusecure.com/offer/s0100/

----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]