
Does Microsoft patch policy create more problems than it solves?

Will this take the headache out of patching for you or just create more?

By Patrick Gray

Published: 11 November 2003 09:15 GMT

Microsoft will release a series of security patches after midnight tonight in line with its new policy of releasing patches on a monthly schedule.

Industry sources anticipate the disclosure of multiple vulnerabilities in the Windows operating system. The company announced its shift to a monthly patching cycle as a part of a new security initiative unveiled at its Worldwide Partner Conference in New Orleans last month. Microsoft said it is introducing the new schedule to ease the burden on systems administrators struggling with the frequency of security updates.

However, security professionals have avoided giving Microsoft's policy shift the thumbs-up, saying the net effect is likely to be neutral.

Greg Shipley, chief technology officer of security company Neohapsis, said the new policy is likely to actually make some things harder for IT managers.

"The measuring stick is the volume of patches, not the release times," he said. "It's difficult because now we have to regression test all these patches in one lump sum."

On the surface the policy is a good one, Shipley says, because system administrators only have to schedule one service outage window per month. "But now you apply a bunch of patches and something 'breaks'. Which one do you back up on?"

Furthermore, Shipley says the policy needs to be flexible in order for Microsoft to appropriately look after its customers.

"If a hole is found in the wild [Microsoft] should respond in a timely manner regardless of their patch cycle," he explained. "But if they're doing controlled releases then I'm not sure if it matters that much."

Security professional and former chief security officer of InterNIC Richard Forno also highlights the long gap between updates as a potential source of risk.

"Perhaps it makes it easier for the system administrators to do one major fix-it patch instead of several each month, but that means there's a greater window of opportunity for a bad guy to cause damage between patch cycles," he said. "Watch for the next major Windows exploits to occur within a week of a monthly patch being released by Microsoft."

"If I was a bad guy, that's when I'd release my malicious exploits," he added.

Patrick Gray writes for ZDNet Australia
