In article <cic5mb.c64.ln@dsl-gervais-88.web-ster.com>,
"AthlonRob <athlonrob@nodomainhere.ext>" <> wrote:

How is it, really, any more of a security risk than running any other 
closed-source application on your network?

The key differences are that:

1) they are necessary for the business;
2) many will provide mechanisms to inhibit auto-update (system administrators,
   can stop users from even manually running Windows Update, and many do) or
   will only ever be manually updated;
3) there is a perception that the financial threat to a company that 
   has their auto-update system compromised is greater than that to
   a university, and staff are less likely to try than students.

However, one of the main issues isn't security, but stability.   Critical
systems, or systems which are not individually critical but would become
critical if there were a common mode failure, normally have upgrades 
imposed in a very controlled way, both selectively and with a long
stability test before they are put out.  At the moment, although BOINC
may have a facility to allow the PC operator to inhibit the updates, 
there is no indication that it supports a "group policies" mechanism that
would allow a system administrator to be the only person able to initiate
an update.

Hell, over 90% of the Internet was still using IE *while* it had a known 
security hole in it allowing the remote execution of code.

You have some case in the case of a common mode failure of individually
non-critical machines, but not in the case of servers, which, in many
cases, are where S@H gets run.

Both sides have been extensively argued on Berkeley's "What's Next" 
builletin board.