Join or sign in Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below. Use Your Email Use FacebookUse Linkedin

How failing to update can morph into a global problem

Locked

Do you agree with Jonathan Yarden that worms and viruses would cease to be a problem if everyone habitually applied patches and updates to their systems, or do you think the issue is more complicated? How does your organization approach patch management? Share your comments about how failing to apply updated magnifies errors into global problems, as discussed in the Nov. 15 Internet Security Focus newsletter.

If you haven’t subscribed to our free Internet Security Focus newsletter, sign up today! Click this link to subscribe automatically:
http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e044

Topic

talk is cheap

In reply to How failing to update can morph into a global problem

It is wishful thinking to assume that all this talk about securing ones pc is the responsibility of the user. It is easy for us who have an idea about what is meant by patches and upload and securing etc, but in my 20 years in this field I feel that now is the best time to be a regular pc service guy since the amount of securing is beyond the grasp of 90% of the general public. We need firewalls, popup stoppers, spyware stoppers virus software and that is even before the updates. We haven’t even mentioned the patches that come along with the faulty software in the first place,, so yes it is a nice dream, but I think if we just brought software companies to task about quality and product reliability and who is responsible for these issues maybe they would pay more attention to this issue in the first place. It has been said many times before, but imagine if all the cars on the road had to be recalled every 6 months due to corporate negligence — I think if we would hold MS and others responsible for their products then maybe we would have more secure reliably products in the first place. But to assume that this is a task that the 90% of general users can handle is not very realistic.

Yes they might be able to click on the update sSP2, but who do they turn to when they have the next message “SYSTEM FAILURE – error shutting down windows, please see administrator.”

SO I think in fact it is safer not to do too much to a pc unless you really know what is going on, because they crash so fast and many times an update creates a problem they never had in the first place. SO I wonder which odds are better? Getting a virus or a system failure when attempting to secure ones PC.

Reply To: How failing to update can morph into a global problem

In reply to talk is cheap

You need to distinguish between company/corporate and home users.
Corporates can be expected to have security measures in place, but even these are not foolproof. Sometimes applying a patch/update can be worse than getting the virus. eg: XP SP2 which even stops a number of Microsoft’s own products working, SMS for one. So, I would certainly advise, not blindly applying all patches in a corporate environment.
Unless a home user has broadband, applying many service packs/updates is impossible anyway. I’d recommend that home users employ good regularly updated Anti virus/robot software and a firewall – rather than apply every patch to the operating system.
Also, its about time that ISPs did more in this area – they have the equipment and computing horsepower for the job and provide everyone’s connection in the first place.

Virus and Worms

In reply to How failing to update can morph into a global problem

I do agree with Yarden. I thing it is very important to educate the users about the updates and patches. If you are maintaining 1000+ PCs then for sure you will not only be educating the users but will be insisting to update their PCs regularly. If you have a large number of computers then a remote update will be a good idea (if possible).

Parvez A. Siddiqui

On the corporate side of things

In reply to Virus and Worms

With a large number of users you first need to test to make sure that the supposed cure is not worse than the problem.

I’ve had one example of a Volume License Version of Windows XP Pro which durring the production of SP1 was declared as a Pirate Copy and would not install SP1. Well yes it could be right but in this case I do know that it was a genuine copy and even MS admitted this and provided a new key for every XP computer in the place all 2,500 of them, Just changing the Product Key took 6 guys 4 days over a public holiday to do and then we started to apply SP1 but only after it had been fully tested.

With the latest MS “Patches” for ISA we are still in the process of testing because if it breaks the system the down time isn’t merely a nuisance but is measured in millions of Dollars per hour, but what is far worse is the fact that you have all the end users calling in complaining that their e-mail or what ever no longer works.

Now as for SP2 well I’m only recommending that it be installed on test stations and not rolled out across the companies that I administer now. Even with an ADSL connection it is a big download and I actually think of it as a rewrite of the Source Code of XP rather than a patch.

The one thing however that I try to prevent is the end users installing software as more often than not they themselves break the system because they do not know what they are doing.

I feel for the guys who work in the Home Computer side of the market as from my limited experience it is certain that any Virus updates will not be installed let alone the MS patches which are made available. There was one persons home computer that I had to do a reload on because he got an infection that proved impossible to remove and after I delivered it back all nice and new again I attended there about 8 weeks latter and when I had a look see the AV updates which are supposed to be done automatically where not downloaded and they where current as of the reload. No AV scan had been done since I returned it and certainly no MS updates had been applied.

Col

I agree; 100%.

In reply to How failing to update can morph into a global problem

I agree completely with this claim. I often listen to non Microsoft users who go on about their inpenetrable Operating Systems, ignoring modern security trends and threat prevention tactics. They implement their Sun system and turn a blind eye, only managing it for growth within the organization. In a way, I can’t wait till they have to shove their foot in their mouth. I currently work at tech support for a local ISP. It is unreal the amount of people who call in about their machine slowing down consistently until the internet is no longer accessible. I see users who have a virus scan that is 3 years old. I see users who have software firewalls that have never been configured. I see users who don’t even know what spyware and malware mean for their computer. I see users who are scared of SP2, because they are uninformed or “mis”informed. I see 95 and 98 machines still directly connected to the internet. I see ad infected free software installed by the dozens on their machines. Hopefully, they will only infect each other and keep the job market alive and well in our field.

not all updates are needed

In reply to How failing to update can morph into a global problem

I spend the time reading the update facts yes the actual KB articles on Microsofts Website and I am sorry but I do not agree with this articles thinking that all updates are needed. In the corporate world its up to the system admin guys to use their better judgement and choose what updates are needed. This goes for Servers and Desktops. I once had a boss who thought updates fixed all the problems and he called it extra value to the client. All to often that update blue screened a server causing hours of repair work in some cases. As for me I always call it make work projects installing updates. Updates in my mind are required when the software running on a computer or server requires it. There is also the old saying if it ain’t broke don’t dick with it. As for software updates some are good and some are bad, and yes it really does come down to the software companies to make a better product to start of with. Look at Novell how many times to they have an update? Yes they have service packs but weekely updates never.

Wish that was the simple truth

In reply to How failing to update can morph into a global problem

From the first day I build my first pc ( somewhere around winter 1981/1982 ) I have been dealing with program design failures in progs and OS.
Nobody’s guilt that “some” foults exist, they just do, is the credo of some very big developers.
Nonsense I say, a good prog or OS is designed to be safe and trustworthy. Like Novell Netware !
And, yes, this OS from Netware needs also a patch per year, but not a few leak stoppers a week, nor severe security leakpluggs a week.
I personally believe in solid trial periods and extensive testing before billing someone for a prog of my hand.
As a pro a do believe that a prog, and certainly an OS, should be at least of a globally described quality before it was sold, or it should not be sold at all.
There should be a global board of experts that would stop firms to sell faulty OS’s.
And in that case I doubt if Windows ever had the nerve to sell a leaky and faulty OS as they are doing for 2 decades now.
Every simple secondgrade highschoolkid with a pc can hack a windows os. I hardly call that trustworthy nor safe. So lets not start on a discussion about the numerus litle nice progs like trojans and stuf that can criple an OS like Windows. That is just a non discussion.
And it is unbelievable that the whole world spends so much money to make that kind of OS save against kids with a pc.
In my opinion the basics of this OS should be well designed en non corruptable.

Ren? Spruit

Worms & Viruses could stay with hackers

In reply to How failing to update can morph into a global problem

If all users including companies that aren’t up-to-date with their OSes, they might help by keeping up with the others instead of falling behind (like staying with Windows 98, ME, & other nonsupportive operating system. If everybody was up-to-date, then we wouldn’t have problems either. These people do this by their own choice, whether ignorant, or negligent.
People learn by hard-core mistakes. Everybody
in this world pays for their mistakes or choices
they make. Users who leave well enough alone
seem to think like how they have been told about cars, “If it isn’t broke, don’t fix it.” This
is what I was told when I was growing up. I just
rebelled and upgraded or altered my cars. This
isn’t how others are. They will just leave well
enough alone. If people would try and do something outside of a comfort zone, then we
might not have hackers, viruses, and worms, along
with Trojans. People just like to whine, gripe,
piss, and moan. These are things in life we live
with. Are we stuck with people like this? Do
people really like being so far behind? Is there a way of getting users to see that they
are in the wrong just like the software companies are until developers fix their flaws?

Updating is only half the problem

In reply to How failing to update can morph into a global problem

I think that the vendors should be responsible for their software until the software is known to have 0 defects. That would mean that Microsoft would have to patch all versions of the software until each version had 0 defects. Of course that would kill the revenue stream mostly. That would mean that people would only have to upgrade when they wanted the new features that were offered by the new version of the application. Of course Open Source does not matter because it is free anyway.
Speaking of software problems, I think that hardware vendors should be REQUIRED to have their drivers signed by the operating system vendor and the operating system vendor would not allow any unsigned driver to be installed on the operating system. Each driver would be verified in the strictest way to ensure system stability.

[Author]

Replies