I had a conversation with one of the senior systems admins in my group today. The conversation was basically why is it easier to get to VMware patches and to know what has been released to you than it is with Microsoft’s patches? Beyond the basic “well Microsoft has way more software to support” answer, I came to the conclusion that VMware’s website organization of their patches for their products is far superior to Microsoft and their emails alerts are actually useful.
Number one, their site sorts the patches by date, lists the issue addressed and gives enough description to determine if this patch applies to you – all from one web page. Microsoft is quite capable of doing this same thing, but their knowledge base and procedures for posting these does not have one simple and efficient interface to find the gobs of patches they release.
Number two, I think that a line I heard while in Colorado Springs from an HP guy holds true. VMware is a technology company that understands technology and tech workers. They understand our struggles and that’s why you see experimental features introduced early and quickly into their products, even before q/a testing is completed. That’s why you see patches quickly and often as bugs are located and squashed. And you compare that with Microsoft and my general idea is that they just don’t get it. Sysadmins struggle to keep up with products and updates – I know I do. I’m inindated with information on a daily basis and sometimes patches are low on the list, regardless of how important the patch may be. Plus there is the danged if you do, danged if you don’t thing with Microsoft patches. Sometimes they screw up more than they fix – there has been that track record.
Then there is the whole private patch problem. Microsoft will acknowledge a problem but not release the patch to the world. You have to contact them after finding a knowledgebase article, contacting your congressman, promising him your first born and then signing the 150 pages of legal documentation with Notary. Ok, maybe its not actually THAT bad. But, why would a software company find an issue, release a patch and then keep it private so that you must actually contact them for the patch and then only provide it to you with a time sensative, password-protected zip file?
Now, even after all that, there is the issue of Live Search and its inability to locate the correct knowledgebase articles in the first place. Google is a much better search of Microsoft’s own knowledgebase, in my opinion.
All conditions aligned, its tough to get what you need out of Redmond. And I think Microsoft has an obligation to its customers to step up and do a better job.
A few months back, Symantec also made the sales pitch for their managed service which collects a list of all vulnerabilities as they are found, along with the patches to correct them. Its sad when third party vendors have to become information agregators just to get the job done. But the Symantec solution isn’t perfect either. The Symantec service appeared to be security related, so I assume we’d be out of luck if we were looking at driver conflict type errors which had been corrected by Microsoft for MPIO, for instance.
I will say, maybe its not fair to compare some companies to Microsoft, but given the number of aquisitions and the number of product lines offered, I do think VMware is a more fair comparison than most. They are supporting a wide variety of product, but their procedures and practices are producting better results. And their information is easier to find and more readily available, it seems.