IT-Analysis.com
Blind Patch Ballet
By: Nigel Stanley, Practice Leader - IT Security, Bloor Research
Published: 13th September 2006
Copyright Bloor Research © 2006

Like many people this morning I undertook the regular automatic update of my PC with three fixes from Microsoft.

http://www.microsoft.com/technet/security/bulletin/ms06-sep.mspx

It's a bit like ballet as you nimbly install your patches, reboot your machine and dance around the room with fingers crossed hoping the PC will reboot and come alive again.

I, like many others, do this update blindly with no testing. Are we right to be so trusting?

Patches are complex things. They are released by software manufacturers to address bugs or security flaws in their applications, but patches have little information on what other software will be affected by their installation.

In addition patches can be presented in different formats, each of which operates in a slightly different way and will have implications for effective patch deployment.

The pressure to apply patches is enormous. Each day that a system remains unpatched can mean another day that the system is vulnerable to malware or hacker attack.

If a patch is blindly installed on a PC it can affect the stability of the computer and lead to system crashes.

For example:

"Security patch crashes Explorer, Office..."

PC PRO April 2006 - http://www.pcpro.co.uk/news/news/86130

"Security patch crashes IE..."

PC PRO August 2006 - http://www.pcpro.co.uk/news/91983/security-patch-crashes-ie.html

"The Internet Explorer patch that Microsoft released earlier this month not only caused the browser to crash on many machines, but also produced an exploitable condition in IE that is currently unpatched."

searchsecurity.com August 2006 - http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1212016,00.html

Historically the only way to determine if a patch will affect a PC is to laboriously load and test the patch against every application that has been installed on the PC. This can take many days and will never be a thorough test, as the number of component settings changed by a patch can be huge.

Alternatively many organisations will simply load the patch and hope it does not affect their PCs - often with disastrous results as the patches can take down other applications.

From a security point of view a fully patched PC is one of the best safeguards against malware and hacker attacks and is a vital component in an Assured business.

But how long will I be able to play blind patch ballet before my PC trips and falls over on the dance floor?

Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761