Third party patches, 3rd party workarounds - here to stay
I have written before here and here about my feelings on 3rd party patches. Basically, my feeling is that it is like playing Russian Roulette. However, with this latest VML vulnerability and the subsequent patch by ZERT (zero day emergency response team), I am beginning to think that my opposition may be akin to spitting in the wind. People unwilling to wait for MS's patch cycle to address this, are going to take their chances. I do not think this will work for large enterprises. Generally, they do not put out patches willy nilly, however for small business or consumers, they are going to be driven into this. Good discussion of this on IT Business Edge.
Another approach is being taken by Patchlink. Instead of releasing a patch, they have released a more limited work around which should protect you until MS releases their patch. The catch is you have to be a Patchlink customer to get it. Sounds safer, if you are a customer. If it is any good, I think they would gain more PR and good will by making it generally available than hording it for their customers only.
Comments