General Garcia is dead now, but there are other Garcias - Elbert Hubbard
The patch that would have prevented this problem (Microsoft Security Bulletin MS02-039, Q323875) is not only a manually applied patch, it is horribly obscure.
The patch updates debug libraries that less than 1/100 or one per cent of the installations ever use. Most people do not even realize that SQL patches do not automatically install and thus think that if they use Windows Update it will take care of them.
Wrong. This is why 99.9% of the machines were vulnerable despite having been warned in July.
In the multibillion-dollar world of developing Microsoft SQL Server - yes, it has cost them at least three big ones so far - it has yet to write a patch utility to manage patches, so each and every patch is hand applied. The last cumulative patch took over an hour of two people's time per server to manually place each file and move each replaced file to a restore directory.
In other words, your $99 copy of Windows XP has a better patching system than your $30,000 copy of Microsoft SQL Server - the average cost for two-processor systems I bang out.
Or to embarrass Microsoft more -- if it is possible to embarrass them at all -- MySQL has a better patch system than Microsoft SQL Server enterprise edition does.