IT-Analysis.com
IT-Analysis.com Logo
Enterprise SME Business Issues Technology Services Channels
Top Level padlock  Login | Free Registration 
Archive  | Papers  | Events  | Newswire  | Blogs  Contact IT-Analysis.com 
Module Header
Peter AbrahamsAbrahams Accessibility
Peter Abrahams
7th February - Android: Ice Cream Sandwich Accessibliity
David NorfolkThe Norfolk Punt
David Norfolk
7th February - BCS CMSG Conference 2012
Neil Ward-DuttonMWD Advisors
Neil Ward-Dutton
3rd February - Developing process applications: a place for everything, and everything in its place
Fern HalperFern Halper
Dr Fern Halper
31st January - Four Vendor Views on Big Data and Big Data Analytics: IBM
Fran HowarthBloor Security Blog
Fran Howarth
30th January - Getting ahead in the cloud
Philip HowardBloor IM Blog
Philip Howard
25th January - Cassandra and Hadoop
Blogs > Nigel Stanley
Scrap Cars and Exploits
Nigel Stanley By: Nigel Stanley, Practice Leader - IT Security, Bloor Research
Published: 4th October 2006
Copyright Bloor Research © 2006
 Logo for Bloor Research

Pop quiz. You run IE in your business and another flaw is found in the software, which could be exploited by hackers. Microsoft say they won't release a patch immediately, leaving your version of IE vulnerable to attack. Do you install a third party fix to address the problem or wait until Microsoft release an “official” patch?

With the rise of organisations such as ZERT (Zeroday Emergency Response Team) it must be tempting for some to install a third party fix. ZERT is a group of techies with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups” that offer such a service. 

The pressure to fix zero day exploits is huge, and causes much angst for administrators. Testing patches against an estate is time consuming and difficult at the best of times, and no doubt doubly so using an “unauthorised” fix. Certainly Microsoft advise against using a third party fix and suggest waiting for an official release.

I guess there is an analogy in the motor vehicle industry. If you need a part for your car you to go to the main dealer and buy a manufacturer's original part in the knowledge that it is to the same quality as the factory fitted component? Alternatively you can go to a car superstore and buy an identical component that is made by another vendor at a cheaper price. Finally you could go to a scrap merchant and search through piles of junk looking for the part you need, remove it and pay peanuts.

Now, if you were looking at fixing your brakes which supplier would you use? If you were looking for another hub cap would you go to the scrap merchant?

Of course your decision will also be made on the type and nature of your car. If it is a brand new, in waranty vehicle you could create problems for yourself if you fit anything other than an original part. If you have a 10 year old Land Rover it is less an issue.

Ultimately the choice is yours. If I were running corporate IT I would suggest that it is more akin to your new “in warranty” car and I for one would be very loathe to fit anything other than a factory original part, even if I had to wait just a little bit longer for delivery. If I were really desperate I may fit an identical part from another vendor but would be swapping it out as soon as the real thing is available. Remember, like in all things, caveat emptor.

Reader Comments

We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Advertisement


Analysts
Bloor Research Hurwitz & Associates Hydrasight Interarbor Solutions MWD Advisors Quocirca Sageza Group, Inc. The Information Difference
Advertising | Contact | Site Map | Terms of Use | Privacy | Accessibility
Copyright © IT Analysis Communications Ltd., unless stated otherwise		 Tel: +44 (0)190 888 0760
Fax: +44 (0)190 888 0761

Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761
Email: