IT-Analysis.com
Blind Patch Ballet
By: Nigel Stanley, Practice Leader - IT Security, Bloor Research
Published: 13th September 2006
Copyright Bloor Research © 2006

Like many people this morning I undertook the regular automatic update of my PC with three fixes from Microsoft.

http://www.microsoft.com/technet/security/bulletin/ms06-sep.mspx

It's a bit like ballet as you nimbly install your patches, reboot your machine and dance around the room with fingers crossed hoping the PC will reboot and come alive again.

I, like many others, do this update blindly with no testing. Are we right to be so trusting?

Patches are complex things. They are released by software manufacturers to address bugs or security flaws in their applications, but patches come with little information on what other software will be affected by their installation.

In addition, patches can be presented in different formats, each of which operates in a slightly different way and has implications for effective patch deployment.

The pressure to apply patches is enormous. Each day that a system remains unpatched can mean another day that the system is vulnerable to malware or hacker attack.

If a patch is blindly installed on a PC it can affect the stability of the computer and lead to system crashes.

For example:

"Security patch crashes Explorer, Office..."

PC PRO April 2006 - http://www.pcpro.co.uk/news/news/86130

"Security patch crashes IE..."

PC PRO August 2006 - http://www.pcpro.co.uk/news/91983/security-patch-crashes-ie.html

"The Internet Explorer patch that Microsoft released earlier this month not only caused the browser to crash on many machines, but also produced an exploitable condition in IE that is currently unpatched."

searchsecurity.com August 2006 - http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1212016,00.html

Historically, the only way to determine if a patch will affect a PC is to laboriously load and test the patch against every application that has been installed on the PC. This can take many days and will never be a thorough test, as the number of component settings changed by a patch can be huge.

Alternatively, many organisations will simply load the patch and hope it does not affect their PCs, often with disastrous results as the patches can take down other applications.

From a security point of view, a fully patched PC is one of the best safeguards against malware and hacker attacks and is a vital component in an Assured business.

But how long will I be able to play blind patch ballet before my PC trips and falls over on the dance floor?

 

Published by: IT Analysis Communications Ltd.