Say what you will about Microsoft’s track record, and take or leave Patch Tuesday, but one way the company sets itself apart from Apple is in its relative transparency. ServerWatch columnist Paul Rubens argues that Apple’s approach, slipping the fix in while nobody’s looking, does nothing but burnish Apple’s image at the expense of its customers, who might not even know there was a vulnerability in need of repair.
What’s the best way for vendors to patch an enterprise operating system?
On a business level, it’s a tricky question to answer. On the one hand, security problems are bad PR; on the other hand, being seen doing something about those problems is good PR.
Back in 2003, Microsoft tacitly admitted its desktop and server operating systems were fundamentally insecure when it introduced “Patch Tuesday,” the second Tuesday of every month, when it releases all the security updates it has finalized during the previous four weeks. Having a regular patching schedule lets Microsoft show it acknowledges its problems and wants to be seen doing something about them. It also gives administrators a way to plan and prepare for operating system updates.
Apple has quite another way of dealing with the far less numerous security vulnerabilities that affect its OS X operating system. Basically, the company doesn’t advertise the problems and sneaks in security updates on an ad hoc basis, hoping that as few people as possible will ever know there was a problem that needed attention in the first place. It certainly doesn’t go into the specifics of the vulnerability being addressed. The company’s approach is thus the opposite of Microsoft’s: It believes that appearing to have no security problems is of key importance, and if it can pull that one off, then it doesn’t have to worry about being seen to fix any.