Microsoft stands by Patch Tuesday for Vista

Software giant Microsoft is set to continue releasing security patches and other updates on the first Tuesday of every month despite admitting that malicious software authors have started exploiting the predictability of its updates.

"It's very difficult because on the one side we have businesses saying give us a set date when [the patches] are coming out and on the other hand we have the people instigating this saying, 'now you are being more predictable, I am going to build my processes around that.'

"Two years ago how many [out of cycle] fixes did we release? Very few. Recent times we have done a lot of that to combat the zero day exploits," Peter Watson, Microsoft Australia chief security advisor, told ZDNet Australia.

Around three years ago, Microsoft started releasing security patches and software updates only on the first Tuesday of every month -- unless the patch was designed to fix a dangerous vulnerability that was actively being exploited.

Watson said that despite "Exploit Wednesday" becoming a regular occurrence, Microsoft has no plans to change its patching schedules for Windows Vista, which was officially released this morning.

However, Watson claimed that Vista is more secure by design and contains several security controls that will help reduce the operating system's vulnerabilities compared with previous versions of Windows.

One security feature he highlighted was Universal Access Control (UAC), which addresses one of the biggest criticisms of previous Windows versions. Before UAC, the majority of Windows users were logged in as administrators, which means applications -- legitimate or otherwise -- could be installed with little or no interaction by the user.

With UAC activated, applications cannot be installed unless the user gives permission -- usually by entering a password.

"UAC provides the ability for [Windows] to say 'did you know you are downloading something and did you really want to do it?'," said Watson.
